AI tools are making it harder to catch hackers posing as job applicants, ET CISO
Companies that are looking to cybersecurity professionals are facing a new challenge: hackers using artificial intelligence (AI) to disguise themselves as qualified applicants – making it difficult for employers to differentiate between legitimate job seekers and bad actors, a report has said.
According to a report by The Wall Street Journal, as cyberattacks on businesses rise, security leaders in the US are tightening hiring procedures to identify bad actors or those exaggerating their skills.
How these ‘applicants’ are ‘dangerous’ for the companies
Spies who are hired may steal intellectual property and corporate data. US officials have previously warned of a large, hidden workforce of North Korean IT workers in low-level jobs globally. The report says that these workers help North Korea evade sanctions and generate billions through cybercrime, often aided by Westerners posing as job applicants.
The Justice Department recently alleged that over 300 US companies unknowingly hired foreign nationals with North Korean ties for remote IT jobs.
What company leaders have to say
Lili Infante, CEO of CAT Labs, a cryptocurrency recovery startup, shared at a cybersecurity conference that North Korean hackers frequently apply for jobs at her company, some even referred by recruiters.
“We’ve identified over 50 applicants as potential North Korean spies forcing us to implement stricter hiring controls,” Infante was quoted as saying.
Infante explained that in cryptocurrency firms, these hackers can introduce vulnerabilities to steal assets.
However, cyber hiring teams aren’t just looking for state-sponsored actors, applicants with inflated resumes are also a concern.
AI tools like ChatGPT makes spotting imposters harder as they can generate perfect resumes and cover letter answers. Additionally, AI-created deepfakes allow impersonation attacks through mimicked voices and videos, leading to cyber breaches.
“I always request ID verification on video. With deepfakes and remote work, it’s easy to accidentally hire a North Korean spy if not careful,” Infante said.
Brent Conran, Intel’s CISO, says that he personally interviews senior-level cybersecurity hires and uses “technical gates” to assess skills – a test Conran himself had to pass.