Privilege escalation is a type of network attack used to gain unauthorized access to systems within a security perimeter.
Attackers start by finding weak points in an organization’s defenses and gaining access to a system. In many cases that first point of penetration will not grant attackers with the level of access or data they need. They will then attempt privilege escalation to gain more permissions or obtain access to additional, more sensitive systems.
Horizontal vs. Vertical Privilege Escalation
There are two types of privilege escalation:
- Horizontal privilege escalation — an attacker expands their privileges by taking over another account and misusing the legitimate privileges granted to the other user.
- Vertical privilege escalation — an attacker attempts to gain more permissions or access with an existing account they have compromised. For example, an attacker takes over a regular user account on a network and attempts to gain administrative permissions or root access.
By taking over a low-level user account and either abusing excessive privileges, or increasing privileges, a malicious attacker has an entry point to a sensitive system. Attackers might dwell in a system for some time, performing reconnaissance and waiting for an opportunity to deepen their access. Eventually, they will find a way to escalate privileges to a higher level than the account that was initially compromised.
Depending on their goal, attackers can continue horizontally to take control of additional systems, or escalate privileges vertically, to gain admin and root control, until they have access to the entire full environment.
Here are the most important attack vectors used by attackers to perform privilege escalation:
1. Credential Exploitation
Single factor authentication leaves the door wide open to attackers planning on performing privilege escalation. If attackers obtain a privileged user’s account name — even without the password — it is a matter of time before they obtain the password. Once they obtain a working password, they can move laterally through the environment undetected. For eg, password exposure, password guessing, shoulder surfing, dictionary attacks, brute force attacks, password spraying, security questions, credential stuffing,
2. Vulnerabilities and Exploits
Attackers can perform privilege escalation by exploiting vulnerabilities in the design, implementation, or configuration of multiple systems — including communication protocols, communication transports, operating systems, browsers, web applications, cloud systems, and network infrastructure.
3. Misconfigurations
Privilege escalation very commonly results from misconfiguration, such as failure to configure authentication for a sensitive system, mistakes in firewall configuration, or open ports.
Here are a few examples of security misconfigurations that can lead to privilege escalation:
- Cloud storage buckets exposed to the Internet with no authentication.
- Default passwords used for admin or root accounts (this is common for IoT devices).
- Insecure defaults for a newly installed system, which are not changed due to negligence or lack of knowledge.
- Backdoor into the environment which was known to administrators but not documented and is discovered by an attacker.
4. Malware
Attackers can use many types of malware, including trojans, spyware, worms, and ransomware, to gain a hold on an environment and perform privilege escalation. Malware can be deployed by exploiting a vulnerability, can be packaged with legitimate applications, via malicious links or downloads combined with social engineering, or via weaknesses in the supply chain.
Thanks for taking out time to read this! Do Clap if you liked it. See you next time!
Till then do connect with me on Linkedin.