There is a Growing Risk of Privilege Escalation – Here’s What You Need to Know

As organizations increasingly rely on large, complex cloud systems and remote workforces, they also increase their exposure to cyberattacks. Privilege escalation attacks are a growing threat that can hit any network.

To prevent such attacks, you must first know what privilege escalation attacks are, how they occur, and how to safeguard your cybersecurity.

What is Privilege Escalation?

Privilege escalation is a process in which a user with limited access privileges increases the scope and scale of their access permissions. With an authorized user, privilege escalation provides wider access for a short period of time to complete work duties before privilege is then revoked.

Privilege escalation attacks, on the other hand, are cyberattacks that provide unauthorized access to a system by exploiting a design flaw, bug, or configuration oversight to elevate access to data or applications that are usually protected.  Privilege escalation attacks can be vertical or horizontal.  They may also use one compromised identity to enter the network, and then use that identity to get another more privileged identity that already has privilege rights to access protected information.

With either possibility, an internal or external user is gaining unauthorized system privileges to steal information or cause damage.

How Does Privilege Escalation Work?

Malicious hackers typically perform privilege escalation tactics that rely on the manipulation of natural human behavior – social engineering techniques. The most common and familiar is phishing, which is a communication method that contains links. Once the user clicks on the link, their account is compromised and the network is exposed to threats.

Privilege escalation seeks out weak spots in an organization’s cybersecurity defenses to gain initial access with basic privileges and elevate them. This could include bypassing authentication protocols, gaining access to root accounts, executing arbitrary code on the server side, and so on.

The Difference Between Vertical and Horizontal Escalation

Privilege escalation attacks fall into two categories:

Horizontal privilege escalation occurs when an attacker gains access to the resources or privileges of another account at the same level of authority. For example, if a hacker gains access to another user’s account on the same system with similar permissions, they have horizontally escalated their privileges.

Vertical privilege escalation occurs when an attacker gains access to higher-level privileges than they were originally granted. For example, if a user with basic user-level permissions gains access to administrator-level privileges, they have vertically escalated their privileges.

Both horizontal and vertical privilege escalation can be used by attackers to gain unauthorized access to sensitive data or systems.

Understanding Privilege Escalation Attack Vectors

Malicious hackers are creative, finding newer ways to overcome robust cybersecurity measures. Here are some of the attack vectors:

Malware

This includes viruses, spyware, adware, ransomware, worms, and other unauthorized software with malicious intent. Malware can install resources through legitimate installers, supply chain weaknesses, and social engineering like phishing.

Misconfigurations

Configuration flaws are another opportunity for malicious hackers to exploit vulnerabilities. Typically, this occurs through blank or default passwords for administrators, insecure access that isn’t shored after initial installation, and undocumented backdoors. These can be managed by altering the existing deployment that mitigates the risk, such as changing the settings or automatic password rotation.

Vulnerabilities and Exploits

Any mistakes in code, implementation, configuration, or design can allow malicious activity to occur. They may involve the operating system itself, applications, infrastructure, transports, communications, and more. A favorite technique is to exploit uninstalled security patches, known and publicized vulnerabilities.

Social Engineering

Social engineering attacks exploit the inherent trust in communications. Well-written messages capitalize on human nature to trick users into divulging their passwords or other sensitive information. Phishing is still a prominent tactic to compromise systems. Attackers use deceptive methods to trick users into sharing their credentials, exposing the networks, or installing malware.

Employees and contractors can be trained to identify social engineering attempts to ensure that they don’t inadvertently provide access to malicious attackers.

Credential Exploitation

Commonly used credentials, such as a username and password, allow a user to authenticate themselves against a resource. If a malicious hacker gains the username, however, the password is merely a hacking effort, and passwords are easily guessed or compromised. The attacker will typically look for systems administrator accounts first, which provides direct access to sensitive information and makes the entire network vulnerable.

How to Reduce Your Business Risks from Privilege Escalation Attacks

Preventing privilege escalation attacks requires ongoing vigilance and proactive measures.

Establishing and enforcing stringent policies to manage user passwords reduces the risk of compromised credentials. Your security team should also have tools in place to audit passwords, identify and flag weak passwords, and implement strong authentication methods such as two-factor authentication (2FA) or multi-factor authentication (MFA).

Users should also be limited in their access to data and systems. This includes minimizing the number and scope of privileged accounts and keeping a log of activities, analyzing accounts to address risks and threats, and following the principle of least privilege. Authenticated users should only get access to the target system they need, only for the time needed to complete the task, and then have their privileges revoked so as to not be left open for exploitation.

Empower and train them to perform their tasks securely, report suspicious attachments, avoid weak passwords, and other known attack vectors.

Reduce Your Business Risk Against Privilege Escalation Attacks

Privilege escalation is a growing threat to cybersecurity, but you can stay ahead of it with robust cybersecurity measures with cybersecurity measures like privileged access management.

##

ABOUT THE AUTHOR

Joseph Carson is a cybersecurity professional with more than 25 years’ experience in enterprise security and infrastructure. Currently, Carson is the Chief Security Scientist & Advisory CISO at Delinea. He is an active member of the cybersecurity community and a Certified Information Systems Security Professional (CISSP). Carson is also a cybersecurity adviser to several governments, critical infrastructure organizations, and financial and transportation industries, and speaks at conferences globally.