New FBI Warning: Disable Local Administrator Accounts as Attacks Continue

Started by bosman, 2025-01-29 09:44

Updated, January 28, 2025:
This story, originally published on January 27, has been updated with additional mitigation advice regarding the threat from North Korean cybercriminals, as outlined in the FBI's public service announcement. Hackers use many methods to steal your data, from cybercriminal AI chatbots and two-factor authentication bypass attacks to the new "don't double-click" hacks. However, they also attack from the inside once they have secured employment with your organization, as highlighted in the FBI's recent warning in Public Service Announcement I-012325-PSA. Disable local administrator accounts, the FBI says: here's why your business really should consider it.
FBI warning: extortion and theft of sensitive corporate data
As hacking attacks involving remote IT workers from the Democratic People's Republic of Korea continue, the FBI said it is warning the public sector, private sector and international community about "corporate victimization" based in the United States. FBI investigations have found that North Korean IT employees used illegal access to systems to steal private and sensitive data and facilitate other cybercriminal activities.
According to the FBI announcement, victims saw proprietary data and code held for ransom, corporate code repositories copied into attackers' user profiles and personal cloud accounts, and attempts to obtain corporate credentials and sessions for further compromise opportunities.
Mitigating the threat of North Korean cybercriminals: advice from the FBI and security experts
The FBI recommended disabling local administrator accounts and limiting remote desktop application installation privileges, as well as monitoring any unusual network traffic. "North Korean cybercriminals often have multiple logins to a single account in a short period of time," the FBI warned, "from multiple IP addresses, often associated with different countries."
The FBI concluded that strict identity verification processes should be implemented during the interview and onboarding phases of these employees and should continue to be implemented throughout the employment lifecycle. "Check human resources systems for other candidates with similar resume content and/or contact information," the FBI warned, adding that "North Korean computer scientists have been observed using artificial intelligence and facial-replacement technology during video job interviews to mask their true identities."
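The login pattern the FBI describes above (several logins to one account from several IP addresses and countries within a short period) is easy to turn into a detection. The following is an added example, not code from the FBI PSA or the Forbes article: it runs a sliding-window check over a few constructed authentication log lines. The log layout (ISO timestamp, account, source IP, GeoIP country) is an assumption; real SIEM field names will differ.

```python
"""Flag accounts with logins from multiple source IPs inside a short window.

Added example (not from the FBI PSA or the article). The log format and the
thresholds are assumptions; tune `window` and `min_ips` to your environment.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (fictional, RFC 5737 documentation addresses).
# Format: <ISO timestamp> <account> <source IP> <GeoIP country>
SAMPLE_LOGS = """\
2025-01-27T08:00:12Z alice 203.0.113.10 US
2025-01-27T08:05:40Z alice 203.0.113.10 US
2025-01-27T08:01:03Z bob 198.51.100.7 US
2025-01-27T08:09:55Z bob 192.0.2.44 CN
2025-01-27T08:20:17Z bob 203.0.113.88 RU
2025-01-27T14:30:00Z carol 198.51.100.20 US
2025-01-27T16:45:00Z carol 192.0.2.9 DE
"""


def parse_logs(text):
    """Parse lines into (timestamp, user, ip, country); malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, parts[1], parts[2], parts[3]))
    return events


def find_suspicious_accounts(events, window=timedelta(minutes=30), min_ips=2):
    """Return {user: (sorted_ips, sorted_countries)} for every account that
    authenticated from at least `min_ips` distinct IPs within any `window`."""
    by_user = defaultdict(list)
    for ts, user, ip, country in events:
        by_user[user].append((ts, ip, country))

    flagged = {}
    for user, evs in by_user.items():
        evs.sort()  # chronological order so the window can slide
        start = 0
        for end in range(len(evs)):
            # Advance the window start until it covers at most `window` of time.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            window_evs = evs[start:end + 1]
            ips = {e[1] for e in window_evs}
            if len(ips) >= min_ips:
                countries = {e[2] for e in window_evs}
                flagged[user] = (sorted(ips), sorted(countries))
                break  # one hit per account is enough to report
    return flagged


if __name__ == "__main__":
    for user, (ips, countries) in find_suspicious_accounts(parse_logs(SAMPLE_LOGS)).items():
        print(f"{user}: {len(ips)} IPs {ips} from countries {countries}")
```

With the constructed input only `bob` is reported (three IPs in three countries within 20 minutes); `carol` logs in from two countries but over two hours, so she is only flagged if the window is widened, which is the trade-off between catching slow activity and paging on ordinary travel and VPN use.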
Forbes
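The FBI's advice to check HR systems for "other candidates with similar resume content and/or contact information" can be automated as a pairwise comparison over applicant records. The following is an added example, not code from the FBI or the article: the record layout and all applicant data are constructed, and the 0.8 similarity threshold is an assumption to be tuned against your own applicant pool.

```python
"""Flag applicant pairs that share contact details or near-duplicate resumes.

Added example (not from the FBI PSA or the article). The record layout,
the sample applicants and the similarity threshold are all assumptions.
"""
import re
from difflib import SequenceMatcher
from itertools import combinations

# Constructed applicant records (fictional names; reserved example domains).
APPLICANTS = [
    {"id": 1, "name": "A. Example", "email": "dev.one@example.com",
     "phone": "+1-555-0100",
     "resume": "Senior full-stack developer, 8 years React, Node.js, AWS, Kubernetes"},
    {"id": 2, "name": "B. Example", "email": "dev.two@example.net",
     "phone": "+1 (555) 010-0",  # same digits as applicant 1, different formatting
     "resume": "Senior full stack developer; 8 yrs React, NodeJS, AWS and Kubernetes"},
    {"id": 3, "name": "C. Example", "email": "c.example@example.org",
     "phone": "+1-555-0199",
     "resume": "Embedded firmware engineer, C and Rust, automotive CAN bus"},
]


def normalize_phone(phone):
    """Keep digits only so formatting differences cannot hide a shared number."""
    return re.sub(r"\D", "", phone)


def normalize_text(text):
    """Lower-case, drop punctuation and collapse whitespace before comparing."""
    return " ".join(re.sub(r"[^a-z0-9 ]", " ", text.lower()).split())


def find_overlaps(applicants, threshold=0.8):
    """Return [(id_a, id_b, reasons)] for pairs sharing an email or phone,
    or whose normalized resume text is at least `threshold` similar."""
    hits = []
    for a, b in combinations(applicants, 2):
        reasons = []
        if a["email"].lower() == b["email"].lower():
            reasons.append("same email")
        if normalize_phone(a["phone"]) == normalize_phone(b["phone"]):
            reasons.append("same phone")
        ratio = SequenceMatcher(None, normalize_text(a["resume"]),
                                normalize_text(b["resume"])).ratio()
        if ratio >= threshold:
            reasons.append(f"resume similarity {ratio:.2f}")
        if reasons:
            hits.append((a["id"], b["id"], reasons))
    return hits


if __name__ == "__main__":
    for id_a, id_b, reasons in find_overlaps(APPLICANTS):
        print(f"applicants {id_a} and {id_b}: {', '.join(reasons)}")
```

A hit is a prompt for a human reviewer, not a rejection on its own: two genuine applicants can share a recruiter's phone number, and near-identical resumes are common for people who used the same template. The value is in surfacing the pair so the identity verification the FBI recommends is applied before onboarding.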

Following the Justice Department's indictments of individuals suspected of involvement in the hacking campaign tied to North Korea's remote IT workers, Michael Barnhart, principal analyst at Mandiant at Google Cloud, said: "These legal actions are designed to disrupt infrastructure support and create significant obstacles to their continued success." According to the latest FBI security alert, this does not appear to be the case. Mandiant also offered the following mitigation tips for these attacks:
Periodic and mandatory checks in which remote employees are required to appear on camera.
Ongoing training programs for users and employees on current threats and trends.
Mandatory use of US banks for financial transactions to thwart malicious activity abroad, as acquiring US bank accounts involves more stringent identity verification than in many countries.
At the same time, the FBI said that human resources staff, hiring managers and development teams should focus explicitly "on changes in addresses or payment platforms during the onboarding process."
