SecurityTrails Blog

What is privilege escalation? Types, techniques and prevention



When attackers attempt to steal data, having insider access to a system is their best bet. And if that insider access is gained through a privileged account that holds the keys to critical systems and data, that would be like hitting the jackpot—but only for the attackers. This is why we consider privilege escalation, the attempt to compromise an account and then expand its privileges, a key component of nearly all advanced cyber attacks.
Let's now explore privilege escalation, along with its different types, the common techniques attackers use to achieve it, and what organizations can do to mitigate this very common, and very dangerous, cybersecurity threat.
What is privilege escalation?
Cyber attacks typically follow a sequence of stages, from entering the network to reaching the final objective, which is often data exfiltration. During the first stage, reconnaissance, attackers plan and research a prospective target by gathering personal or company information. Phishing emails are often used at this point, both to gather more intel about the target and to obtain a first set of credentials.
Using the information gathered and analyzed, the attacker compromises a system, usually by gaining access through a low-privileged account. In this phase of the attack life cycle, attackers look around the network, map it and search for exploitable vulnerabilities. The access they hold at this point usually won't reach the desired data, so they need to obtain access to more sensitive information and other parts of the system. This is when attackers attempt privilege escalation: gaining additional permissions, privileges and access to further systems.
"Privilege escalation", therefore, is defined as the techniques and activities attackers use to gain elevated permissions and access to a system, network or application. Having compromised the system through a low-level account, attackers exploit vulnerabilities, system weaknesses and misconfigurations to heighten their privileges, study the system and carry out the attack. More generally, any violation of the boundaries set for account and user permissions is considered a privilege escalation.
Unfortunately, organizations burdened by inadequate security controls and measures often leave attackers a clear pathway for privilege escalation. A common gap is the failure to enforce the principle of least privilege, which states that a user (or service account) should be granted only the privileges needed to complete its tasks and nothing more.
Privilege escalation exploits are pieces of code that take advantage of a known vulnerability in the target system, frequently one with a published CVE identifier, to run a payload with higher privileges than the attacker currently holds. Executing such an exploit gives attackers access to sensitive data and the ability to corrupt, destroy or steal it and disrupt business operations, or simply to remain in the network, establish persistence and execute further attacks.
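The misconfiguration route described above can be made concrete with sudo rules, a frequent source of Linux privilege escalation wherever the principle of least privilege is not applied. The following Python audit script is an added example written for this page, not code from the SecurityTrails post; the two sudoers fragments are constructed, the user names are invented, and the list of shell-escape binaries is a small, well-known subset rather than anything exhaustive.

```python
import re
from dataclasses import dataclass
from typing import List

# Binaries that hand the caller a root shell or an arbitrary file write when
# allowed via sudo (a small, well-known subset; extend it for your own estate).
SHELL_ESCAPES = {
    "bash", "sh", "dash", "zsh", "vim", "vi", "nano", "less", "more",
    "find", "awk", "perl", "python3", "env", "tar", "cp", "tee", "dd",
}

# Matches "user HOST=(RUNAS) TAG: cmd1, cmd2" in sudoers syntax; the runas
# and tag parts are optional.
RULE_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>\S+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<tags>(?:[A-Z]+:\s*)*)"
    r"(?P<cmds>.+)$"
)


@dataclass
class Finding:
    user: str
    command: str
    reason: str


def audit_sudoers(text: str) -> List[Finding]:
    """Flag sudo rules that let a low-privileged user become root outright."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line or line.startswith(
            ("Defaults", "User_Alias", "Cmnd_Alias", "Host_Alias", "Runas_Alias")
        ):
            continue                                  # aliases are out of scope here
        m = RULE_RE.match(line)
        if m is None:
            continue
        user = m.group("user")
        nopasswd = "NOPASSWD:" in m.group("tags")
        for cmd in m.group("cmds").split(","):
            cmd = cmd.strip()
            if not cmd:
                continue
            exe = cmd.split()[0].rsplit("/", 1)[-1]   # basename of the executable
            if cmd == "ALL":
                findings.append(Finding(user, cmd,
                    "any command as root" + (" without a password" if nopasswd else "")))
            elif exe in SHELL_ESCAPES:
                findings.append(Finding(user, cmd,
                    f"{exe} can spawn a root shell or write arbitrary files"))
            elif "*" in cmd:
                findings.append(Finding(user, cmd,
                    "wildcard lets the caller append extra arguments"))
    return findings


# Constructed sudoers fragments for illustration (not taken from any real host).
WEAK_SUDOERS = """
Defaults env_reset
deploy  ALL=(ALL) NOPASSWD: ALL                      # "deploy" is effectively root
backup  ALL=(root) NOPASSWD: /usr/bin/find, /usr/bin/vim
ops     ALL=(root) /usr/bin/systemctl restart *
"""

# Same duties, scoped to the exact commands each role needs.
LEAST_PRIVILEGE_SUDOERS = """
Defaults env_reset
deploy  ALL=(root) NOPASSWD: /usr/bin/systemctl restart app.service
backup  ALL=(root) /usr/local/bin/run-backup.sh
ops     ALL=(root) /usr/bin/systemctl restart app.service, /usr/bin/systemctl status app.service
"""


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_SUDOERS), ("least privilege", LEAST_PRIVILEGE_SUDOERS)):
        found = audit_sudoers(cfg)
        print(f"{label}: {len(found)} finding(s)")
        for f in found:
            print(f"  {f.user}: {f.command!r} -> {f.reason}")
```

Running it reports four findings for the weak fragment (an unrestricted `NOPASSWD: ALL` rule, two binaries that open a shell from inside sudo, and a wildcard that lets arguments be appended) and none for the least-privilege version, where each role is limited to the commands its job needs. A real review should also confirm that any script allowed this way is root-owned and not writable by the invoking user; the auditor above inspects only the rule text, not the filesystem.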
How many types of privilege escalation are there?
There are two main types of privilege escalation: horizontal and vertical.
Horizontal privilege escalation
Horizontal privilege escalation can best be illustrated with a look at a phishing email. Take, for example, the standard email message that appears to come from a service or website you use: "We have noticed unusual activity from your account. Please click this link and log in to verify your identity". If you were to fall for this and click the link to log in, you would likely be taken to a webpage mimicking the authentic website, where, once you input your credentials, the attacker could use them to gain direct access to your account. The attacker could then perform the same actions you and your account have permission for: they operate as you, at your privilege level, rather than above it.
This type of privilege escalation is the "easier" of the two, as it doesn't entail elevating permissions. Attackers don't upgrade the privileges of the account they've compromised; they simply use the privileges already granted to that account, moving sideways to the data and systems that account can reach.
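The post's example uses phishing to take over an account; the same outcome, acting on another user's data without elevating rights, is what a missing access-control check produces in a web application, and the page's definition of vertical escalation (gaining permissions the account never had) has an equally common application-level form. The Python sketch below is an added example, not code from the SecurityTrails post or from any real application; the users, documents and request dictionary are constructed for illustration, and each vulnerable handler sits beside its hardened form.

```python
from dataclasses import dataclass
from typing import Dict


@dataclass(frozen=True)
class User:
    name: str
    role: str           # "user" or "admin", held server-side


@dataclass(frozen=True)
class Document:
    doc_id: int
    owner: str
    body: str


class Forbidden(Exception):
    """Raised when the caller may not perform the requested action."""


# Constructed data for illustration: two ordinary users and one admin,
# each ordinary user owning one document.
USERS: Dict[str, User] = {
    "alice": User("alice", "user"),
    "bob": User("bob", "user"),
    "carol": User("carol", "admin"),
}
DOCS: Dict[int, Document] = {
    1: Document(1, "alice", "alice's payslip"),
    2: Document(2, "bob", "bob's payslip"),
}


# --- Horizontal: reaching a peer's data at the same privilege level ---------

def get_document_vulnerable(session_user: User, doc_id: int) -> str:
    # The object reference comes straight from the request and nobody checks
    # who owns it, so bob can read alice's document by changing the id.
    return DOCS[doc_id].body


def get_document(session_user: User, doc_id: int) -> str:
    doc = DOCS.get(doc_id)
    # Owner or admin only; "missing" and "not yours" fail identically so the
    # caller cannot enumerate which ids exist.
    if doc is None or (doc.owner != session_user.name and session_user.role != "admin"):
        raise Forbidden(f"{session_user.name} may not read document {doc_id}")
    return doc.body


# --- Vertical: acquiring rights the account was never granted --------------

def set_role_vulnerable(request: Dict[str, str]) -> User:
    # Trusts a role claim the client supplied (hidden form field, cookie, token
    # whose signature is never checked): bob sends actor_role=admin and promotes himself.
    if request["actor_role"] != "admin":
        raise Forbidden("admins only")
    return User(request["target"], request["new_role"])


def set_role(session_user: User, target: str, new_role: str) -> User:
    # The role is read from the server-side user record, never from the request.
    if USERS[session_user.name].role != "admin":
        raise Forbidden(f"{session_user.name} is not an admin")
    if target not in USERS:
        raise KeyError(target)
    return User(target, new_role)


def denied(fn, *args) -> bool:
    """True if the call is refused with Forbidden; used for the checks below."""
    try:
        fn(*args)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    bob = USERS["bob"]
    print("horizontal, vulnerable:", get_document_vulnerable(bob, 1))
    print("horizontal, fixed:     ", "denied" if denied(get_document, bob, 1) else "allowed")
    print("vertical, vulnerable:  ",
          set_role_vulnerable({"actor": "bob", "actor_role": "admin",
                               "target": "bob", "new_role": "admin"}))
    print("vertical, fixed:       ", "denied" if denied(set_role, bob, "bob", "admin") else "allowed")
```

The two fixes share one principle: the identity and role used for the decision come from server-side state established at login, and every object access is checked against that identity. Returning the same error for a missing and a forbidden document is a small extra that keeps the hardened handler from leaking which ids exist.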
Vertical privilege escalation

By SecurityTrails