184
How a North Korean Fake IT Worker Tried to Infiltrate Security Awareness Firm KnowBe4
(blog.knowbe4.com)
That company's training materials are hilariously terrible.
this post was submitted on 24 Jul 2024
184 points (97.4% liked)
Technology
58137 readers
4359 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
They treat you like a child with no self respect. They are awful.
It’s because the training materials aren’t aimed at the typical Lemmy user who knows how to dual-boot Linux and built their own hackintosh for fun. It’s aimed at Jim in accounts receivable, who is 2 years away from retirement and hasn’t learned any new tech literacy skills in the entire 23 years he’s been with the company. It’s aimed at Pam in HR, who panics and says the internet is broken because she deleted her Chrome desktop shortcut for the fifth time this week. It’s aimed at Jill in accounts payable, who called IT to say her computer wasn’t working, (the power was out in the entire building, because a trash truck hit the power lines across the street.)
IT deals with a lot of BS, from users who don’t know anything about how computers or modern scams/hacks work. KnowBe4 is aimed that those users, because an organization’s security is only as impenetrable as its dumbest “oh hey I found a USB drive outside the front doors. I’m gonna plug it in to see what’s on it” users.
Yep. The videos feel like they were designed by people who have never spoken to another human before. And yeah, seems like they are catering to old people who were new to email in 2003.
That's because they are. Those are the people who are most likely to fall for phishing.
All I know is I have to waste an hour or so on this crap every year and it's annoying.
Hiring somebody without ever physically seeing them is a curious reality
I'm surprised , if the intention has stated, is to work well paid job and place a resource, why load malware at all?
If they're just trying to remote into the device, why are they remoting indirectly to the laptop? Why not use a remote KVM that hooks up to the output and USB ports?
Interesting point about the KVM. To make it transparent the KVM would need to report the model of a real monitor in the display EDID data. Also if you’re monitoring the device, which is almost certainly a laptop, it would be suspicious if it was plugged in to a monitor 100% of the time.
Having a laptop permanently in a dock is pretty normal for tech workers.
Mine is either connected to a USBC dock at home or the office. I have only used it without when at a hotel.
Sure, I use a ThunderBolt dock at home, but being docked 100% of the time is probably not normal.
Mine has been docked for months at a time. I recently started shifting it to be near the kids when they're home; but not undocking it wouldn't strike me as strange at all.
That’s fair!
How do you get out of North Korea unnoticed?
Go through China. Although this seemed like a remote position.
That guy or is it only a stock photo?
The article says it’s a stock photo that has been edited with AI.
Prompt “make this guy look like a North Korean hacker or something idk”
Didn't see that. Thanks!
Someone wanted to see the new season of The Inside Man early