What Is Privilege Escalation? Simplified In 6 Points
Introduction
An attack or an assault launched by persons with malicious intent using one network against other networks to disable computers, steal sensitive data, run unauthorized commands or use such breached computers as a base for other attacks against the organization is called a cyber attack. Ransomware, Phishing, Hacking, Data leakage, Privilege escalation, Malware are a few of the same.
- What is Privilege escalation?
- How Does Privilege Escalation operate?
- Importance of Privilege escalation
- Linux Privilege escalation
- Windows privilege escalation
- How to Protect Your Systems from Privilege Escalation
1. What is Privilege escalation?
In simple terms, it is a method employed by the user with an evil intent to gain control of computer privileges that otherwise won’t have been allowed to that particular user. Privilege escalation means getting access to a privileged account that is unsecured or has a security design flaw through illegitimate means. It is one of the most used forms of a cyber attack. Attackers initiate this attack by finding weak points in an organization’s defence systems like inadequate security control or software vulnerabilities and then gain access to a system.
2. How Does Privilege Escalation operate?
First and foremost, we need to understand there are two types of Privilege escalation. One is horizontal, while the other is vertical.
With horizontal privilege escalation, attackers remain on the same horizontal line, i.e. same user privilege level. In other words, they are on the same limited, restricted user authorization level, but they gain access to other data or workstations of the same level by impersonating the user of that workstation which would be normally be not authorized to the impersonating user. For example, one user accessing the bank account of another user on an e-banking site. one of the examples of compromising through e-commerce platforms which is very common is receiving mails like: “your account will be deactivated due to inactivity, please click this link to keep your account activated. “
Some of the organization programs or applications can be run by only top-level users, and that’s where vertical privilege escalation comes into play. Vertical privilege escalation, where the attacker begins from a less authorized user account with limited authorization and through that tries to move vertically to get access to upper-level users, mainly administrative users’ accounts, so as to exploit, misuse, steal sensitive information. Professional cybercriminals can also use such elevated privileges to hide their tracks by deleting their access logs.
3. Importance of Privilege escalation
An attacker’s motive may not be just to hack an organization’s small system or enter into the organization’s user system but what needs to be looked into is whether when this privilege escalation takes place is it a platform to weaken the organization defences by introducing malicious codes in the organization system. This means that whenever you detect or suspect privilege escalation, organizations need to be on high alert and look into any such suspicious event and whether such event is singular in nature.
Even if no other events are detected, an organization should not lose focus from the fact that there was a breach or an attempt to breach the security control of the organization. The organization should immediately put its internal controls on high alert.
4. Linux Privilege escalation
Escalation a privilege by moving from one user to another through the process of enumeration, which means finding weaknesses of the operating system so as to exploit them. Process of enumeration focus on identifying compilers like pythons, if any, retrieving data through directories, and scrutinizing software components such as web servers. The exploitation of Linus privilege can be done in two ways: Kernel exploits or by exploiting SUDO rights.
5. Windows privilege escalation
Some of the windows privilege escalation attacks other than Linus privilege escalation common in operating systems are :
- Access Token Manipulation
- Bypass User Account Control
- DLL search order hijacking
- Disallow loading of remote DLLs
- cross-site scripting
6. How to Protect Your Systems from Privilege Escalation
- Strong Password policies
- Regularly scan and update your systems and applications for vulnerabilities
- Remove unused user accounts to avoid giving attackers a point of entry
- Regular training of employees on how to complete their tasks securely
- Create specialized users, including administrators with minimum necessary privileges and file access
- Avoid common programming errors in your applications like code injections, unvalidated user input, buffer overflow.
- Ensure minimum authorized permissions for all files and directories by keeping few files READ ONLY which are not writable.
- Monitor and restrict all file transfer functions such as FTP, TFTP, CURL and restricting to top-level management only
- Periodically change user credentials on all devices, including routers and printers.
Conclusion
In conclusion, Privilege escalation, if implemented successfully, can really hamper business continuity or going concern plan. Organizations today need to seriously include proper security protocols which will specifically overlook these kinds of attacks. It can be a task to distinguish between a routine error and an intentional error on a day to day basis. Hence, organizations need to build an efficient internal control system and competent people to supervise it.
So, have you made up your mind to make a career in Cyber Security? Visit our Cyber Security Courses for further help. It is the first program in offensive technologies in India and allows learners to practice in a real-time simulated ecosystem, that will give you an edge in this competitive world.
