Excerpted from a JDSUPRA Blog
The New York State Department of Financial Services (NYDFS) issued an industry letter outlining the threats posed to U.S. companies who hire remote technology workers linked to North Korea and may embezzle funds from their new employers.
On November 1, 2024, NYDFS issued guidance warning companies against an increasing risk posed from individuals applying for employment in IT roles who are in fact operating on behalf of North Korea. These applicants seek employment in order to infiltrate western companies’ computer systems and illicitly generate revenue for the North Korean regime.
As recently as August 8, 2024, the FBI arrested Matthew Knoot of Nashville, Tennessee, for his involvement in a scheme designed to assist North Korean threat actors secure remote IT positions with companies in the United States and the United Kingdom. These threat actors were paid hundreds of thousands of dollars in income that was funneled to the North Korean government to generate revenue for the country’s illicit weapons program.
According to a Department of Justice press release, in addition to the collective salaries paid by victim companies, the actions of Knoot and the North Korean operatives resulted in out of pocket losses exceeding $500,000 from expenses related to auditing and remediating their devices, systems, and networks.
NYDFS Guidance
NYDFS continues to serve as a leading regulatory voice in the cybersecurity space. Alongside similar advisories from the FBI and the United States Department of State, NYDFS emphasizes a multi-faceted approach to mitigate these threats as outlined below:
Awareness and Training: Companies should educate senior executives, information security personnel, and human resources to ensure that all relevant stakeholders are informed of such remote worker threats. Relevant stakeholders must include third-party service providers, such as staffing agencies, that should implement cybersecurity best practices when vetting applicants.
Due Diligence in Hiring: Companies should conduct comprehensive background checks and verify identities using multiple official government documents. As with most applicants, remote workers’ social media accounts should be scrutinized, and applicants for remote work positions should have their physical and IP locations confirmed. Companies should monitor the use of virtual private networks (VPNs) and proxy servers, especially during interviews. Ideally, companies should assess whether to require interviews in person or remotely via videocam to verify that the applicant’s identity matches their official documentation. Additionally, companies should verify employment references and check for Voice over Internet Protocol (VOIP) numbers in an applicant’s contact details to reveal inconsistencies.
Takeaway: The industry letter is a reminder that while there are significant benefits associated with remote work, as remote work remains prevalent in the marketplace, so do the opportunities for threat actors to exploit it. By implementing the steps outlined above, companies can better safeguard their information systems and protect sensitive data from foreign threats.
If a company believes it has been targeted by a remote IT worker scheme or has been contacted by fraudulent IT professionals, the company should investigate and report the incident to the FBI’s Internet Crime Complaint Center (IC3). Additionally, Covered Entities must ensure they fulfil their reporting obligations under 23 NYCRR § 500.17 mentioned in our update from last week, as well as potential reporting obligations under other state or federal laws.
For the full story, please click here.