FBI Warning: Disable Local Admin Accounts to Protect Your Business from North Korean IT Worker Threat

Hackers use various methods to steal data, including cybercrime AI chatbots, two-factor authentication bypass attacks, and novel "don't click twice" hacks. However, they also attack by gaining employment with your organization, as highlighted by FBI public service announcement I-012325-PSA. Disable local admin accounts, the FBI warns, and here's why your business should take notice.

FBI Warning on Extortion and Theft of Sensitive Company Data

As attacks involving remote information technology workers from the Democratic People's Republic of Korea continue, the FBI warns the public, private sector, and international community about the "victimization of US-based businesses." FBI investigations have observed North Korean IT workers using unlawful access to systems to steal proprietary and sensitive data and to facilitate other cyber-crime activity.

Victims have seen proprietary data and code held to ransom, copying of corporate code repositories to attacker user-profiles and personal cloud accounts, and attempted harvesting of company credentials and session cookies for further compromise opportunities.

The Principle of Least Privilege: FBI Advice

The principle of least privilege, recommended by the FBI, involves disabling local admin accounts. The NSA also advises restricting the administrative rights available to users of both Windows and macOS. "Only allow designated administrator accounts to be used for administrative purposes," the NSA and FBI advice document states. So, what is the principle of least privilege, exactly?

It’s any method of ensuring that all users only have access to the specific resources they absolutely need to do their job at any particular time. Admin account access should only be available to those who need it for their work and nobody else.

Consumers can apply this principle by setting up an admin account protected by a strong password and a separate user account without admin rights. Use the user account for day-to-day computing needs, and if something potentially risky, such as installing software, is required, the operating system will ask you to enter your admin credentials.

Wikipedia provides examples, such as a user account that exists solely for creating backups, which wouldn’t need to install software and therefore should only have the rights necessary to run backup and backup-related applications.
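The following PowerShell script is an added example, not code from the FBI advisory or from this article. It puts the "only designated administrator accounts" advice into practice on a Windows machine: it lists every local user account that sits in the local Administrators group, compares it against an allow-list of designated admin accounts, and, only when run with -Enforce, disables the rest. The allow-list name BreakGlassAdmin and the function name are assumptions for illustration; the cmdlets (Get-LocalGroupMember, Get-LocalUser, Disable-LocalUser) are the standard Microsoft.PowerShell.LocalAccounts module shipped with Windows 10 / Server 2016 and later.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the FBI PSA or the article). Audits the local
# Administrators group and, with -Enforce, disables every local user account
# in it that is not on an explicit allow-list of designated admin accounts.

function Invoke-LocalAdminAudit {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Designated admin accounts that may keep membership (assumed names).
        [string[]]$AllowedAdmins = @('BreakGlassAdmin'),
        # Default is report-only; pass -Enforce to actually disable accounts.
        [switch]$Enforce
    )

    # Never disable the account running this audit, or we lock ourselves out.
    $self = $env:USERNAME

    $report = foreach ($member in Get-LocalGroupMember -Group 'Administrators') {
        # Members are listed as COMPUTER\name or DOMAIN\name. Only local user
        # accounts are in scope here; domain users and groups are managed centrally.
        if ($member.ObjectClass -ne 'User' -or $member.PrincipalSource -ne 'Local') {
            continue
        }
        $name = $member.Name.Split('\')[-1]
        $user = Get-LocalUser -Name $name
        $isBuiltIn = $user.SID.Value.EndsWith('-500')   # built-in Administrator (RID 500)
        $allowed = ($AllowedAdmins -contains $name) -or ($name -eq $self)

        $action = 'keep'
        if (-not $allowed -and $user.Enabled) {
            $action = 'disable'   # what enforcement would do
            if ($Enforce -and $PSCmdlet.ShouldProcess($name, 'Disable local administrator account')) {
                Disable-LocalUser -Name $name
                $action = 'disabled'
            }
        }

        [PSCustomObject]@{
            Account    = $name
            BuiltIn    = $isBuiltIn
            WasEnabled = $user.Enabled
            Allowed    = $allowed
            Action     = $action
        }
    }
    return $report
}

# Report-only run. Add -Enforce to apply the change, and -Enforce -WhatIf to
# preview which accounts would be disabled without touching them.
Invoke-LocalAdminAudit -AllowedAdmins 'BreakGlassAdmin' | Format-Table -AutoSize
```

Running the report-only form first, and reviewing the Action column before adding -Enforce, is the safe order: the script deliberately skips the account that is running it, but it cannot know which other accounts an organisation still depends on, which is exactly what the allow-list is for.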

Mitigating the North Korean IT Worker Threat: Advice from the FBI and Security Experts

The FBI advises disabling local administrator accounts and limiting privileges for installing remote desktop applications, as well as monitoring for any unusual network traffic. North Korean IT workers often have multiple logins into one account in a short period from various IP addresses, often associated with different countries.
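The sign-in pattern the FBI describes, one account used from several IP addresses in different countries within a short period, can be surfaced from sign-in logs with a simple sliding-window check. The script below is an added example, not code from the FBI advisory or the article; the records it runs over are constructed sample data using RFC 5737 documentation addresses, and the field names (Account, Time, SourceIp, Country) and thresholds are assumptions that a real deployment would map onto its own log source.

```powershell
# Added example (not from the FBI PSA or the article): flag accounts that sign
# in from multiple countries, or from many distinct IPs, within a short window.

function Find-SuspiciousSignIns {
    param(
        # Sign-in records with Account, Time, SourceIp and Country fields (assumed schema).
        [Parameter(Mandatory)] [object[]]$SignIns,
        # Look-back window and the IP-count threshold that triggers an alert.
        [timespan]$Window = [timespan]::FromMinutes(60),
        [int]$MinDistinctIps = 3
    )

    $findings = @()
    foreach ($group in ($SignIns | Group-Object -Property Account)) {
        $events = @($group.Group | Sort-Object -Property Time)
        for ($i = 0; $i -lt $events.Count; $i++) {
            $start = $events[$i].Time
            # Every sign-in for this account inside [start, start + window].
            $inWindow = @($events | Where-Object { $_.Time -ge $start -and $_.Time -le ($start + $Window) })
            $ips = @($inWindow.SourceIp | Sort-Object -Unique)
            $countries = @($inWindow.Country | Sort-Object -Unique)

            if ($countries.Count -ge 2 -or $ips.Count -ge $MinDistinctIps) {
                $findings += [PSCustomObject]@{
                    Account     = $group.Name
                    WindowStart = $start
                    Logins      = $inWindow.Count
                    SourceIps   = ($ips -join ', ')
                    Countries   = ($countries -join ', ')
                    Reason      = if ($countries.Count -ge 2) { 'multiple countries' } else { 'many source IPs' }
                }
                break   # one finding per account is enough to raise an alert
            }
        }
    }
    return $findings
}

# Constructed sample sign-ins (documentation IP ranges, fictitious accounts).
$sampleSignIns = @(
    [PSCustomObject]@{ Account = 'jdoe';   Time = [datetime]'2025-01-23T09:00:00Z'; SourceIp = '203.0.113.10';  Country = 'US' },
    [PSCustomObject]@{ Account = 'jdoe';   Time = [datetime]'2025-01-23T09:20:00Z'; SourceIp = '198.51.100.7';  Country = 'CN' },
    [PSCustomObject]@{ Account = 'jdoe';   Time = [datetime]'2025-01-23T09:45:00Z'; SourceIp = '192.0.2.55';    Country = 'RU' },
    [PSCustomObject]@{ Account = 'asmith'; Time = [datetime]'2025-01-23T08:00:00Z'; SourceIp = '203.0.113.20';  Country = 'US' },
    [PSCustomObject]@{ Account = 'asmith'; Time = [datetime]'2025-01-23T13:00:00Z'; SourceIp = '203.0.113.20';  Country = 'US' },
    [PSCustomObject]@{ Account = 'bwong';  Time = [datetime]'2025-01-23T10:00:00Z'; SourceIp = '203.0.113.30';  Country = 'US' },
    [PSCustomObject]@{ Account = 'bwong';  Time = [datetime]'2025-01-23T10:30:00Z'; SourceIp = '203.0.113.31';  Country = 'US' }
)

# Only jdoe is reported: three countries inside one hour. asmith uses one IP,
# and bwong's two same-country IPs stay under the MinDistinctIps threshold.
Find-SuspiciousSignIns -SignIns $sampleSignIns | Format-Table -AutoSize
```

A country change inside the window is treated as a stronger signal than an IP change alone, because mobile and corporate networks legitimately rotate addresses within one country; the IP-count threshold exists to catch the case the FBI mentions where the addresses are numerous but geolocation data is missing or unreliable.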

The FBI also recommends implementing strict identity-verification processes during the interviewing and onboarding stages of hiring such workers, as well as continuing to do so throughout the employment lifecycle. Cross-checking HR systems for other applicants with the same resume content and/or contact information is also essential.

Following Department of Justice indictments against individuals allegedly involved in the North Korean remote IT worker hacking campaign, Michael Barnhart, Mandiant principal analyst at Google Cloud, stated that these legal actions aim to dismantle the support infrastructure and impose substantial obstacles to their continued success.

Mandiant also provided the following mitigation advice:

  • Utilizing periodic and mandatory checks where remote workers are required to go on camera
  • Continuous education programs for users and employees on current threats and trends
  • Mandatory use of U.S. banks for financial transactions to interfere with malicious overseas activity, as the acquisition of U.S. bank accounts entails stricter identity verification than in many countries

Conclusion

The FBI’s warning is clear: disable local admin accounts to protect your business from the North Korean IT worker threat. By applying the principle of least privilege and following the FBI’s advice, you can significantly reduce the risk of your business being targeted by these malicious actors.

Frequently Asked Questions

Q: Why is it important to disable local admin accounts?
A: Disabling local admin accounts is essential to prevent unauthorized access to sensitive data and to reduce the risk of cyber-attacks.

Q: What is the principle of least privilege?
A: The principle of least privilege is any method of ensuring that all users only have access to the specific resources they absolutely need to do their job at any particular time.

Q: How can I apply the principle of least privilege in my daily life?
A: You can apply the principle of least privilege by setting up an admin account protected by a strong password and a separate user account without admin rights. Use the user account for day-to-day computing needs, and if something potentially risky, such as installing software, is required, the operating system will ask you to enter your admin credentials.
