Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

FBI Warns Against 10 Red Flags About Hiring of North Korean “IT Workers.” [Share With HR]

The U.S. Federal Bureau of Investigation and South Korea’s Ministry of Foreign Affairs have issued an advisory offering guidance to “the international community, the private sector, and the public to better understand and guard against the inadvertent recruitment, hiring, and facilitation” of North Korean “IT workers”.

The advisory explains that “the hiring or supporting of DPRK IT workers continues to pose many risks, ranging from theft of intellectual property, data, and funds, to reputational harm and legal consequences, including sanctions under U.S., ROK, and United Nations (UN) authorities.”

North Korean government operatives frequently use social engineering to conduct cyber espionage and financial theft.

The advisory outlines 10 important red flags associated with potential North Korean IT workers:

  1. “Unwillingness or inability to appear on camera, conduct video interviews or video meetings; inconsistencies when they do appear on camera, such as time, location, or appearance.”
  2. “Undue concern about requirements of a drug test or in person meetings and having the inability to do so.”
  3. “Indications of cheating on coding tests or when answering employment questionnaires and interview questions. These can include excessive pausing, stalling, and eye scanning movements indicating reading, and giving incorrect yet plausible-sounding answers.”
  4. “Social media and other online profiles that do not match the hired individual’s provided resume, multiple online profiles for the same identity with different pictures, or online profiles with no picture.”
  5. “Home address for provision of laptops or other company materials is a freight forwarding address or rapidly changes upon hiring.”
  6. “Education on resume is listed as universities in China, Japan, Singapore, Malaysia, or other Asian countries with employment almost exclusively in the United States, the Republic of Korea, and Canada.”
  7. “Repeated requests for prepayment; anger or aggression when the request is denied.”
  8. “Threats to release proprietary source codes if additional payments are not made.”
  9. “Account issues at various providers, change of accounts, and requests to use other freelancer companies or different payment methods.”
  10. “Language preferences are in Korean but the individual claims to be from a non-Korean speaking country or region.”

Here is the blog post with links. Share this with your HR Team.

Latest Example of “Site Hopping” To Bypass Security Scanners

A new technique is becoming increasingly common as a way to bypass security scanners. The challenge is that the specific execution is constantly evolving, making it difficult to detect, but not impossible to spot.

In an earlier time when trains served as the primary mode of long-distance transportation, individuals without tickets would often run alongside moving trains and hop onto the last train car to hitch a ride until it suited their needs. They would then transition to the next train and repeat the process until they reached their desired destination.

This practice — called “train hopping” — constituted the misuse of a legitimate service, serving the interests of the ‘traveler’ as long as it met their needs.

I’ve noticed a similarity concerning cyber attacks, where legitimate web services are momentarily misused within a cyber attacker attack. As a result, I’ve decided to introduce a new cybersecurity term — “site hopping.”

This term describes when an attacker exploits several website’s legitimate functions to obscure the final web destination to which victims of a phishing scam are directed.

We’ve recently observed in-the-wild examples of this, including the misuse of the Salesforce website. The objectives of site hopping seem to be twofold: either to take advantage of the ‘hopped’ site’s legitimacy or to exploit the site’s technology in a way that hinders security solutions from effectively performing their tasks.

While I don’t know if it will take off beyond this blog, you heard it here first!

[CONTINUED] At the KnowBe4 Blog:


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.