Over the last couple of years, we have seen a marked increase in criminal groups infiltrating companies, either by using AI and stolen identities, or by fronting interviews with disposable candidates all the way through to contract signature, after which a different person shows up to start the job. In many cases, once they have their position, they attempt to request greater privileges to gain access to corporate repositories for useful information they can steal. Even when caught, they will often simply vanish, corporate assets and all, leaving behind lengthy investigations, access audits, risk management headaches and policy reviews of recruitment practices.
I have personal knowledge of one case where this actually happened to a multinational company. Whilst they were shocked and embarrassed by being the victim of such an attack, they did catch the individual quickly and were satisfied that they didn’t lose any sensitive data, even though the individual did get away with a corporate device (for all I know it’s now being used to inefficiently mine bitcoin). Regardless, this was a wake-up call for the company. They had heard about this sort of scam, considered that they could never be a victim of such an approach, and were then utterly astonished when it happened. But they learned from it, and now factor it into their recruitment programmes and have put new safeguards in place, such as ensuring the person has to visit the office with their ID to collect their IT rather than relying on remote verification, and, during the interview process, devising questions which cannot be easily answered by AI.
This sort of scenario can be played out in a tabletop exercise for HR, Risk, Legal and IT, to help you simulate what you would do should this happen to you. You can also play it out as a practical red team scenario, building on the tabletop exercise, to help you understand how you can detect and defend against such an attack. At Prism Infosec we can help with both sorts of exercise, and with incident response should you ever be a victim yourself. Please feel free to reach out to us should you wish to know more.
Prism Infosec: Cyber Security Testing and Consulting Services