North Korean cyber attacks: How to educate your team on this new scam trend
2024-8-17 04:50:21 Author: securityboulevard.com

The North Koreans would receive money laundered through the American counterpart and would use that money to fund North Korea’s nuclear weapon program.  

Why is this important?

An unknown user having access to your network and pretending to be an employee is extremely dangerous. They can install malware, steal data, and cause significant damage to your network. What’s even more dangerous is that this isn’t the first North Korean laptop farm to appear in the US. 

An Arizona woman was also arrested for running a laptop farm that helped North Koreans obtain American jobs under false identities, and the cyber security company KnowBe4 faced a similar issue last month.

This growing trend is alarming: as AI improves and remote work grows, the scam is only getting easier to complete. Security managers must take proactive steps to protect their organizations from falling victim to this rise of laptop farms.

How to be proactive against laptop farm scams

Share the story and have candid conversations

Employee awareness is the first line of defence. Share this recent news story with your team members in your weekly newsletter, #security Slack channel, or weekly round table. Ask them their thoughts, quiz them on identifying the risk, vulnerability, and threat in the scenario, and be ready to answer questions. 

Candid conversations about the risks and warning signs of laptop farms can help prevent your team from falling victim to these schemes. At the end of the message or conversation, remind everyone to stay vigilant, always verify contacts, and come to the security team if something seems suspicious. 

Evaluate your onboarding process 

Collaborate with your IT and HR teams to evaluate your hiring and onboarding process. Think about how you verify the identity of new hires before they gain access to your systems. Would it be thorough enough to catch a laptop farm scammer?

Note that KnowBe4 reported that they did background checks, four video interviews, and verified references before accidentally hiring the laptop farm scammer. So even the most careful of companies can still have vulnerabilities in their onboarding process. 

Consider requiring in-person interviews and intensive background checks for all employees. Even though these things add time and resources to your onboarding process, it’ll be worth it in the end. This most recent attack resulted in $250,000 in salary payments being wasted on the North Korean imposter.

Review your access settings

Should a new employee have access to the most sensitive data in your organization? Or have the controls to shut down your network? Review your access settings for new employees. Consider what they need access to in order to do their job, compared to what they have access to when they are hired.

The ideal scenario is that new hires have access to the least amount of data and controls possible until these things are needed for them to complete their role and they have gained the trust of your organization.

By taking the time to adjust your access settings, you can stop any imposter hires from accessing data or controls. 
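
One way to run the access review described above, shown as an added example that is not part of the original article: compare each recent hire's group memberships with a minimal baseline for their role and flag anything extra. The group names, role baselines, 90-day window and account records are all constructed assumptions.

```python
from datetime import date

# Constructed sample data: groups, roles and the 90-day window are assumptions.
PROBATION_DAYS = 90
SENSITIVE_GROUPS = {"domain-admins", "prod-db-readers", "network-ops"}
ROLE_BASELINE = {
    "software-engineer": {"vpn-users", "source-code-read", "dev-sandbox"},
    "support-agent": {"vpn-users", "ticketing"},
}
ACCOUNTS = [
    {"user": "a.new", "role": "software-engineer", "hired": date(2024, 7, 15),
     "groups": {"vpn-users", "source-code-read", "prod-db-readers", "domain-admins"}},
    {"user": "b.tenured", "role": "software-engineer", "hired": date(2021, 3, 1),
     "groups": {"vpn-users", "source-code-read", "prod-db-readers"}},
    {"user": "c.new", "role": "support-agent", "hired": date(2024, 8, 1),
     "groups": {"vpn-users", "ticketing"}},
    {"user": "d.new", "role": "contractor", "hired": date(2024, 8, 5),
     "groups": {"vpn-users"}},
]

def audit_new_hires(accounts, today, probation_days=PROBATION_DAYS):
    """Flag access beyond the role baseline for accounts inside the probation window."""
    findings = []
    for acct in accounts:
        tenure = (today - acct["hired"]).days
        if tenure >= probation_days:
            continue  # past the window; covered by the regular access review
        baseline = ROLE_BASELINE.get(acct["role"])
        if baseline is None:
            # No baseline defined for this role: every grant needs a human look.
            excess, severity = sorted(acct["groups"]), "review"
        else:
            excess = sorted(acct["groups"] - baseline)
            severity = "high" if set(excess) & SENSITIVE_GROUPS else "low"
        if excess:
            findings.append({"user": acct["user"], "tenure_days": tenure,
                             "severity": severity, "excess": excess})
    return findings

if __name__ == "__main__":
    for finding in audit_new_hires(ACCOUNTS, today=date(2024, 8, 17)):
        print(finding)
```

In practice the account records would come from an export of your directory and HR system rather than an inline list.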

Implement endpoint security

Given the nature of laptop farms, endpoint security is crucial. Invest in endpoint detection and response (EDR) solutions to continuously monitor the security of all of your network’s laptops. Ensure that the EDRs also include protective measures that can detect and stop malware before it causes harm.

Regularly keep tabs on the activity and security of all company-issued devices. Consider setting up additional alerts for unusual activity and consider having additional restrictions for your WFH devices. 

Prepare for incident response

This is a new scam trend, and we need not only to prevent it, but also to be prepared for it if it does happen. Develop and regularly update an incident response plan for a scenario where an employee is suspected of being a laptop farm imposter and a plan for once it is confirmed.

This plan should include: 

  • Immediate actions to be taken by HR, IT, and Security Teams
  • Communications plan for internal and external communications 
  • Police and federal agency reporting plan 
  • Recovery steps

This North Korean laptop farm headline isn’t an isolated incident, but proof of a broader issue developing in the cyber security landscape. By staying informed and taking proactive measures, you can help protect yourself and your organization from becoming a target.

Share information, collaborate with your teams, and continuously evaluate your security practices to stay one step ahead of these sophisticated scams.


Article source: https://securityboulevard.com/2024/08/north-korean-cyber-attacks-how-to-educate-your-team-on-this-new-scam-trend/