Privilege escalation is a method that threat actors use to increase their access to systems and data that they aren't authorized to see.
This guide to privilege escalation attacks covers the two main types, the avenues attackers use, and detection and prevention methods.
The two main forms of privilege escalation are vertical and horizontal.
Both require threat actors to steal credentials or perform some other kind of attack to gain access to the privileged account.
Vertical privilege escalation involves a threat actor traveling from a lower-level account to a higher-level account.
Horizontal privilege escalation involves traveling between similar permission levels to log into a different or unauthorized account.
The following attack vectors vary in their ease of exploitation, but all of them reveal weaknesses in enterprise IT systems and the talent of advanced threat actors.
Known backdoors are a threat; some allow attackers to enter the system without an obviously intrusive threat signature.
In a credential stuffing attack, a threat actor tries many commonly used and publicly known passwords, usernames, or both against a login interface to see which of them work.
Computer systems and networks that use default or factory credentials for servers and applications are more susceptible to this kind of attack.
The attackers can then use these credentials to begin the privilege escalation process, depending on the credentials' permissions levels.
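As an added example (not code from the article or from eSecurity Planet), the following Python script shows one way a defender can spot credential stuffing in authentication logs. It parses constructed, syslog-style SSH login lines, flags a source address that produces many failed logins across many distinct usernames within a short window, counts attempts against well-known default account names, and reports any account that source then successfully logged into, which is the foothold the article says feeds the privilege escalation process. The log format, the thresholds, and the list of default account names are assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a simplified sshd/syslog style (not real data).
SAMPLE_LOG = """\
2023-12-08T22:00:01 sshd: Failed password for admin from 203.0.113.7
2023-12-08T22:00:02 sshd: Failed password for root from 203.0.113.7
2023-12-08T22:00:03 sshd: Failed password for administrator from 203.0.113.7
2023-12-08T22:00:04 sshd: Failed password for guest from 203.0.113.7
2023-12-08T22:00:05 sshd: Failed password for test from 203.0.113.7
2023-12-08T22:00:06 sshd: Failed password for svc_backup from 203.0.113.7
2023-12-08T22:00:07 sshd: Accepted password for svc_backup from 203.0.113.7
2023-12-08T22:01:10 sshd: Failed password for alice from 198.51.100.9
2023-12-08T22:05:30 sshd: Accepted password for alice from 198.51.100.9
"""

# Assumed line layout: "<iso timestamp> sshd: <Failed|Accepted> password for <user> from <ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)$"
)

# Assumed list of account names that commonly ship as factory/default logins.
DEFAULT_ACCOUNT_NAMES = {"admin", "administrator", "root", "guest", "test"}


def parse_auth_log(text):
    """Turn raw log text into a list of event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "result": m["result"],
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def detect_credential_stuffing(events, window=timedelta(minutes=1),
                               min_failures=5, min_users=3):
    """Return {ip: finding} for every source that, within `window`, produced at least
    `min_failures` failed logins spread over at least `min_users` distinct usernames.
    Each finding also lists accounts that source successfully logged into afterwards."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e for e in evs if e["result"] == "Failed"]
        flag_time = None
        start = 0
        # Sliding window over the failures, ordered by time.
        for end in range(len(fails)):
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            window_fails = fails[start:end + 1]
            users = {e["user"] for e in window_fails}
            if len(window_fails) >= min_failures and len(users) >= min_users:
                flag_time = fails[start]["ts"]
                break
        if flag_time is None:
            continue
        accepted = [e["user"] for e in evs
                    if e["result"] == "Accepted" and e["ts"] >= flag_time]
        findings[ip] = {
            "failures": len(fails),
            "users": sorted({e["user"] for e in fails}),
            "accepted_after": accepted,  # successful logins after the spray began
        }
    return findings


def count_default_account_attempts(events):
    """Count login attempts (failed or accepted) against well-known default account names."""
    return sum(1 for e in events if e["user"] in DEFAULT_ACCOUNT_NAMES)


if __name__ == "__main__":
    evs = parse_auth_log(SAMPLE_LOG)
    for ip, finding in detect_credential_stuffing(evs).items():
        print(f"possible credential stuffing from {ip}: {finding}")
    print("attempts against default account names:", count_default_account_attempts(evs))
```

Run on the sample above, the script reports 203.0.113.7 as a stuffing source that subsequently gained access to svc_backup, while the single failure from 198.51.100.9 stays below the threshold; in practice the thresholds should be tuned to the normal failure rate of the environment, and a success following a flagged burst is the event worth escalating to incident response.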
Aside from lone attackers, multiple known threat actor groups have been identified using the following privilege escalation attacks: Turla, Whitefly, LAPSUS$, and Carberp.
Cyberattack group Whitefly used open-source software to exploit an already-known privilege escalation weakness within Windows machines.
Segmenting your business's network, granting team members dynamic access to applications, updating passwords, and consistently training employees will reduce the impact of tactics like privilege escalation.
While changing passwords takes time, it's a long-term investment that will reduce your business's overall attack surface.
If you're actively being affected by a privilege escalation attack, or suspect that you might be, take the following steps, including notifying your team, changing key credentials, disabling accounts, and checking for malware.
Even if it's a false alarm, practicing this process is still a good procedure to ensure your team is prepared for a real attack.
Even a suspicion should be reported - privilege escalation can result in major damage to the company.
Fending off privilege escalation attempts requires IT teams to be very clever and very aware of their networks, systems, and applications.
Making attackers' jobs more difficult doesn't eliminate privilege escalation attacks, but it sets a baseline for IT and security teams and prepares them to take more advanced steps toward preventing breaches.
This Cyber News was published on www.esecurityplanet.com. Publication date: Fri, 08 Dec 2023 22:13:04 +0000