Identifying & Avoiding Privilege Escalation Attacks


The internet has opened a world of possibilities for how we work. With those opportunities has also come the boundless threat of cyberattacks. In this article, we’ll explore the attack method known as privilege escalation and share key considerations for strengthening your company’s defenses.

What is Privilege Escalation?

Privilege escalation is a technique in which an attacker exploits a flaw or weakness in a system to gain access they were never granted. It can happen in a variety of ways, such as stolen passwords, misconfigurations, malware, or social engineering. In the end, the attacker holds considerably more access than they were originally given. Think of it like someone stealing your garage door opener. They not only have access to your garage, but once they can enter it, they also have access to the door leading into your house.

Vertical vs. Horizontal Privilege Escalation Attacks

There are two main types of privilege escalation: vertical and horizontal.

  • Vertical Escalation: A low-privilege user or application gains access to functions or content reserved for higher-privilege users. For example, if someone acquires the password to your smartphone, they gain access to a device they wouldn’t normally be able to access. It’s like moving from the bottom (no access) to the top (full access).
  • Horizontal Escalation: An attacker gains access to the functions or content of other users, significantly expanding their control. After compromising a user’s account (often through a malicious email link), they can use vertical escalation to gain administrator rights on that computer. From there, horizontal escalation allows them to move across the network, compromising other devices. This combination of vertical and horizontal escalation is known as lateral movement.

How is Privilege Escalation Being Executed Today?

Mimikatz is a popular tool for executing privilege escalation. After infecting a user’s computer, attackers use Mimikatz to gain admin privileges on it. Then, they move throughout the network gaining even more privileges. Given enough time, the attacker will often reach their ultimate access goal of gaining domain admin privileges. Not only could they delete valid user accounts, but they could access servers where vital information is stored.

The Center for Internet Security (CIS) has even more in-depth information on Mimikatz and covers the variety of ways it can be used to harm users and networks.

Preventing Privilege Escalation Attacks

Privilege escalation is just one of the latest in a long line of ways bad actors utilize the internet for malicious purposes. It can be easy to fear an attack is imminent and that your information is at risk no matter what you do to prevent it. However, there are several proactive steps your company can take to reduce the risk.

Be cautious with suspicious emails.

Most attacks are the result of clicking something you shouldn’t in an email. This is known as social engineering and involves tricking someone into sharing dangerous information or clicking a malicious website link. This allows an attacker to bypass other security measures and land squarely inside the network. If an email or text seems suspicious, assume it is. It’s best to alert your network security team and not click or reply to the message. Every business should have a social engineering policy in place, and it’s essential to ensure all employees are familiar with it.

Follow password best practices.

You probably can’t count all the places where you need to remember a password and it can be difficult to hold on to all that information. But it is so important to avoid re-using the same passwords or using passwords that are simple to crack. An attacker would only need to know a little bit about you to eventually crack a password like “SpotIsMyGoldenRetriever.” A stronger option like “5p0t15MyG01d3nR3tr13v3r!” still allows you to use a phrase you can remember but is much harder to compromise. Make sure your passwords align with your organization’s security policies.

Perform regular network vulnerability scans.

We often insulate and inspect our homes to prepare for the threats of winter. So too is it important to scan your network for vulnerabilities to ensure you aren’t leaving footholds open for the threat of attackers. A scan will help you find unpatched systems, misconfigurations, and other flaws before an attacker does.

You won’t notice something is wrong unless there is a way to see what is happening. If an attacker gets in, being able to spot suspicious network traffic lets you respond before they get any further. Monitor unusual behavior, such as a user account accessing content reserved for senior management, to identify when a compromise has taken place. Having a baseline of what “normal” looks like makes it much easier to detect suspicious patterns.
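As an added illustration of the baseline-and-compare idea above (example code written for this article, not a tool from Applied Technologies), the script below builds a per-user picture of which resource groups each account normally touches from a constructed access log, then flags later events that fall outside that baseline, rating a first-time reach into senior-management content as high severity. The log format, user names and share paths are all made up for the example.

```python
from collections import defaultdict

# Constructed sample access log entries: (timestamp, user, resource, owning group).
# The first list is the "known good" window used to learn normal behaviour;
# the second list is new activity to be checked against it.
BASELINE_LOG = [
    ("2024-01-02T09:01", "jsmith", "/shares/sales/q1.xlsx", "sales"),
    ("2024-01-02T09:15", "jsmith", "/shares/sales/leads.csv", "sales"),
    ("2024-01-03T10:02", "jsmith", "/shares/sales/q1.xlsx", "sales"),
    ("2024-01-03T11:40", "amiller", "/shares/exec/board-minutes.docx", "senior-mgmt"),
    ("2024-01-04T08:55", "amiller", "/shares/exec/budget.xlsx", "senior-mgmt"),
]

NEW_LOG = [
    ("2024-01-08T09:03", "jsmith", "/shares/sales/q1.xlsx", "sales"),
    ("2024-01-08T02:14", "jsmith", "/shares/exec/budget.xlsx", "senior-mgmt"),
    ("2024-01-08T09:30", "amiller", "/shares/exec/budget.xlsx", "senior-mgmt"),
]


def build_baseline(log):
    """Record the set of resource groups each user touched during the baseline window."""
    seen = defaultdict(set)
    for _ts, user, _resource, group in log:
        seen[user].add(group)
    return seen


def find_anomalies(baseline, log, restricted=("senior-mgmt",)):
    """Return events where a user reaches a resource group absent from their baseline.

    A user who has never touched a restricted group (senior-management content here)
    and suddenly does is the pattern the article describes, so it is rated 'high'.
    Unknown users have an empty baseline and therefore get flagged on any access.
    """
    alerts = []
    for ts, user, resource, group in log:
        if group in baseline.get(user, set()):
            continue  # consistent with this user's normal activity
        severity = "high" if group in restricted else "medium"
        alerts.append({"time": ts, "user": user, "resource": resource,
                       "group": group, "severity": severity})
    return alerts


if __name__ == "__main__":
    for alert in find_anomalies(build_baseline(BASELINE_LOG), NEW_LOG):
        print(f"[{alert['severity']}] {alert['time']} {alert['user']} -> {alert['resource']}")
```

In real use the baseline window should be long enough to cover a user's routine work and should be rebuilt when roles change, otherwise legitimate access shows up as noise.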

Avoiding the Escalator

The end goal is to make it as difficult as possible for the bad guys. If you can slow an attack down, you’ll have more time to detect and respond before significant damage occurs. Ensure you have adequate backups, firewall deployments, and proper network segmentation to slow their advances to a crawl.

If you’re concerned that your organization’s network security might have gaps, you are probably right. The team at Applied Technologies utilizes several powerful security audit tools to develop risk and vulnerability assessments that help clients identify and fill the cracks to prevent a costly and dangerous attack. Reach out to take the first steps toward securing your company’s people, operations, and valuable data. Contact us today to schedule a Network & Cybersecurity Vulnerability Assessment.