Disable local administrator accounts, FBI warns.
UPDATE, January 28, 2025: This story, originally published on January 27, has been updated with further tips for relaxing regarding the threat of North Korean IT worker, as noted by the FBI public service announcement.
Hackers use many methods to steal your data, from AI-chatbots cybercrime, two-factor bypass attacks, and even the novel does not double click hacks. However, they also attack after gaining work with your organization, as is the case described in the latest warning by the Federal Bureau of Investigation in the I-012325-PSA Public Service notice. Disable local administrator accounts, FBI said: That’s why your business really needs to get attention.
FBI Warning – Selection and theft of Company’s sensitive data
Whereas Hack attacks, which include remote information technology workers from the Democratic People’s Republic of Korea, continue, FBI said, is warning of the public, the private sector and the international community for “US -centered businesses victimization”. FBI investigations have noticed North Korean employees using illegal access to systems in order to steal property and sensitive data as well as to facilitate other online crime activity.
According to the FBI announcement, the victims have seen data and code of the owner held to reward, copy the corporate code depot to attackers’ users and Cloud’s personal accounts, and the attempt to harvest company credentials and cookies for opportunities for opportunities further compromise.
Softening the threat of North Korea worker – advised by FBI and security experts
The FBI has advised that you need to disable local administrator accounts and limit privileges to install remote desktop applications as well as monitor for any unusual network traffic. “North Korean workers often have numerous entry into an account within a short period of time,” FBI warned, “from different IP addresses, often accompanied by different places.”
The FBI concluded that you need to implement strict identity verification processes during the interview stages and the employment board of such workers, as well as continue to do so throughout the life cycle of employment. “Cross control HR systems for other applicants with the same resumption content and/or contact information,” FBI warned, adding that “North Korean IT workers have been observed using artificial intelligence and changing technology facial during video work interviews to prevent their true identities. “
Following the indictments of the Department of Justice against the people allegedly involved in the direction of the North Korean worker’s hacker campaign, Michael Barnhart, Mandian’s leading analyst at Google Cloud, said “these legal actions aim to dismantle support infrastructure and To establish considerable obstacles to their continued success. Mandian also offered the following softening tips in the face of these attacks.
- Utilizing periodic and mandatory controls where your remote workers are required to go to cameras.
- Continuous educational programs for users and employees for current threats and trends.
- Compulsory use of US banks for financial transactions in order to interfere with malicious overseas activity, as the purchase of US bank accounts implies more strict identity verification than in many countries.
Meanwhile, FBI said that human resources staff, employment of managers and development teams should clearly focus “on changes in addresses or payment platforms during the board process.”