The FBI just put out this public announcement, totally obvious to anybody in the security realm that you should disable local admin accounts. They said North Korean IT workers have been observed using artificial intelligence and face-swapping technology during job interviews to obfuscate their true identities. The FBI has provided examples where people have hired North Korean remote IT workers, giving them access to a machine that had local admin accounts. They were then able to escalate and use exploits to get admin access on the computer and thus exfiltrate information and get admin access on the whole network and wreck the person that just hired them.
If you think about this in the context of MSP and technicians, if you employ remote technical workers for an MSP and you give them access to your clients’ networks, you need traceability, logging, you’ll disable the local admin access, you need to give admin access just when necessary. Let’s jump down a little rabbit hole right here of deep fake, Chat GPT, face swapping, voice, and translation technology, have all taken such leaps forward in the last 3 to 5 years that you need to vet and make sure the remote workers are who they say they are and to disable the local admin accounts, which is what the FBI says about this whole thing; that’s the headline in this article.
Disabling local admin accounts was merely one step in a whole series of steps that failed, resulting in loss of control of their networks. We at TechIDManager, can’t help with verifying somebody as who they are, say they are when they’re using deep fakes and face-swapping technology during an interview when you hire them. But all those points after the hire, we can get the traceability, the security that you need to help.
Want to know more about TechIDManager? Schedule some time with us!
