{“lastseen”:”2025-09-08T11:09:20″,”description”:”\\n\\n## When Attackers Get Hired: Today’s New Identity Crisis\\n\\nWhat if the star engineer you just hired isn’t actually an employee, but an attacker in disguise? This isn’t phishing; it’s infiltration by onboarding.\\n\\nMeet \\”Jordan from Colorado,\\” who has a strong resume, convincing references, a clean background check, even a digital footprint that checks out.\\n\\nOn day one, Jordan logs into email and attends the weekly standup, getting a warm welcome from the team. Within hours, they have access to repos, project folders, even some copy\/pasted dev keys to use in their pipeline.\\n\\nA week later, tickets close faster, and everyone’s impressed. Jordan makes insightful observations about the environment, the tech stack, which tools are misconfigured, and which approvals are rubber-stamped.\\n\\nBut Jordan wasn’t Jordan. And that red-carpet welcome the team rolled out was the equivalent to a golden key, handed straight to the adversary.\\n\\n## From Phishing to Fake Hires\\n\\nThe modern con isn’t a malicious link in your inbox; it’s a legitimate login inside your organization.\\n\\nWhile phishing is still a serious threat that continues to grow (especially with the increase in AI-driven attacks), it’s a well-known attack path. Organizations have spent years hardening email gateways, training employees to recognize and report malicious content, and running internal phishing tests.\\n\\nWe defend against a flood of phishing emails daily, as there’s been a 49% increase in phishing since 2021, and a 6.7x increase in large language models (LLMs) being used to generate emails with convincing lures. It’s becoming significantly easier for attackers to run phishing attacks.\\n\\nBut that’s not how Jordan got in. Despite numerous defenses pointed at email, Jordan got in with HR paperwork.\\n\\n## Why is Hiring Fraud a Problem Now?\\n\\nRemote hiring has scaled rapidly in the past few years. Industries have discovered that 100% remote work is possible, and employees no longer need offices with physical (and easily defendable) perimeters. Moreover, talented resources exist anywhere on the planet. Hiring remotely means organizations can benefit from an expanded hiring pool, with the potential for more qualifications and skills. But remote hiring also removes the intuitive and natural protections of in-person interviews, creating a new opening for threat actors.\\n\\nToday, identity is the new perimeter. And that means your perimeter can be faked, impersonated, or even AI-generated. References can be spoofed. Interviews can be coached or proxied. Faces and voices can be generated (or deepfaked)\ufffc by AI. An anonymous adversary can now convincingly appear as \\”Jordan from Colorado\\” and get an organization to give them the keys to the kingdom. \\n\\n## Hiring Fraud in the Wild: North Korea’s Remote \\”Hire\\” Operatives\\n\\nThe threat of remote hiring fraud isn’t something we’re watching roll in on the horizon or imagine in scary stories around the campfire. \\n\\nA report published in August of this year revealed over 320 cases of North Korean operatives infiltrating companies by posing as remote IT workers with false identities and polished resumes. That single example has seen a 220% increase year-over-year, which means this threat is escalating quickly., which means this threat is escalating quickly.\\n\\nMany of these North Korean operatives used AI-generated profiles, deepfakes, and real-time AI manipulation to pass interviews and vetting protocols. One case even involved American accomplices who were operating \\”laptop farms\\” to provide the operatives with physical US setups, company\u2011issued machines, and domestic addresses and identities. Through this scheme, they were able to steal data and funnel salaries back to North Korea’s regime, all while evading detection.\\n\\nThese aren’t isolated hacktivist stunts, either. Investigations have identified this as a systematic campaign, often targeting Fortune 500 companies. \\n\\n## The Castle \\u0026 Moat Problem \\n\\nMany organizations respond by overcorrecting: _\\”I want my entire company to be as locked down as my most sensitive resource.\\”_\\n\\nIt seems sensible\u2014until the work slows to a crawl. Without nuanced controls that allow your security policies to distinguish between legitimate workflows and unnecessary exposure, simply applying rigid controls that lock everything down across the organization will grind productivity to a halt. Employees need access to do their jobs. If security policies are too restrictive, employees are either going to find workarounds or continually ask for exceptions. \\n\\nOver time, risk creeps in as exceptions become the norm.\\n\\nThis collection of internal exceptions slowly pushes you back towards \\”the castle and moat\\” approach. The walls are fortified from the outside, but open on the inside. And giving employees the key to unlock everything inside so they can do their jobs means you are giving one to Jordan, too.\\n\\nIn other words, locking everything down the wrong way can be just as dangerous as leaving it open. Strong security must account for and adapt to real-world work, otherwise, it collapses.\\n\\n## How To Achieve a Zero Standing Privileges State and Block Fraudulent New Hires Without the Trade-Off\\n\\nWe’ve all heard of zero trust: never trust, always verify. This applies to every request, every time, even after someone is already \\”inside.\\” \\n\\nNow, with our new perimeter, we have to view this security framework through the lens of identity, which brings us to the concept of zero standing privileges (ZSP).\\n\\nUnlike the castle model, which locks everything down indiscriminately, a ZSP state should be built around flexibility with guardrails:\\n\\n * **No always-on access by default** \\\\- The baseline for every identity is always the minimum access required to function. \\n * **JIT (Just-in-Time) + JEP (Just–Enough-Privilege) – -** Extra access takes the form of a small, scoped permission that exists only when needed, for the finite duration needed, and then gets revoked when the task is done.\\n * **Auditing and accountability -** Every grant and revoke is logged, creating a transparent record.\\n\\n\\n\\nThis approach closes the gap left by the castle problem. It ensures attackers can’t rely on persistent access, while employees can still move quickly through their work. Done right, a ZSP approach aligns productivity and protection instead of forcing a choice between them. Here are a few more tactical steps that teams can take to eliminate standing access across their organization:\\n\\n### The Zero Standing Privileges Checklist\\n\\n#### **Inventory \\u0026 baselines:**\\n\\n * Consolidate all identities (employees, contractors, service accounts) into one place.\\n * Set role-based minimums.\\n * Remove dangling, legacy, and overprovisioned rights.\\n\\n\\n\\n#### **Request \u2013 Approve \u2013 Remove:**\\n\\n * Enable users to ask for access where they work (Slack, Teams, or a portal).\\n * Automate approvals, or route through custom workflows with full context: who, why, scope, duration.\\n * Ensure approvals grant just enough, just-in-time access.\\n * Auto-revoke access when the task is complete.\\n * **Guardrails by design:**\\n * Enforce time-boxed sessions, least-privilege scopes, and controlled break-glass procedures with tight limits.\\n * Offer pre-approved bundles for common tasks so access happens seamlessly and workflows are uninterrupted.\\n\\n\\n\\n#### **Full audit and evidence**\\n\\n * Log and sign every grant, change, and revoke action.\\n * Maintain exportable, clean evidence for reviews, incident investigations, and compliance.\\n\\n\\n\\n## Taking Action: Start Small, Win Fast\\n\\nA practical way to begin is by piloting ZSP on your most sensitive system for two weeks. Measure how access requests, approvals, and audits flow in practice. Quick wins here can build momentum for wider adoption, and prove that security and productivity don’t have to be at odds.\\n\\nBeyondTrust Entitle, a cloud access management solution, enables a ZSP approach, providing automated controls that keep every identity at the minimum level of privilege, always. When work demands more, employees can receive it on request through time-bound, auditable workflows. Just enough access is granted just in time, then removed.\\n\\nBy taking steps to operationalize zero standing privileges, you empower legitimate users to move quickly\u2014without leaving persistent privileges lying around for Jordan to find.\\n\\nReady to get started? Click here to get a free red-team assessment of your identity infrastructure.\\n\\n**Note:** _This article was expertly written and contributed by David van Heerden, Sr. Product Marketing Manager. David van Heerden \u2014 a self-described general nerd, metalhead, and wannabe film snob \u2014 has worked in IT for over 10 years, sharpening his technical skills and developing a knack for turning complex IT and security concepts into clear, value-oriented topics. At BeyondTrust, he has taken on the Sr. Product Marketing Manager role, leading the entitlements marketing strategy._\\n\\nFound this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.\\n”,”published”:”2025-09-08T09:20:00″,”modified”:”2025-09-08T09:20:00″,”type”:”thn”,”title”:”You Didn’t Get Phished \u2014 You Onboarded the Attacker”,”source”:””,”references”:””,”id”:”THN:BC9519A515F29CB7093E17602001C088″,”bulletinFamily”:”info”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/thehackernews.com\/2025\/09\/you-didnt-get-phished-you-onboarded.html”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-09-08T11:09:20″,”description”:”\\n\\n## When Attackers Get Hired: Today’s New Identity Crisis\\n\\nWhat if the star engineer you just hired isn’t actually an employee, but an attacker in disguise?…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,13,33,7,11,43,5],"class_list":["post-16370","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-security","tag-tapic","tag-thn","tag-vulnerability"],"yoast_head":"\n