Everything you need to know about privilege escalation threats
Today’s IT systems are designed to support multiple user accounts, each of which provides the user with a specific set of abilities called privileges. These privileges may include accessing certain hardware or applications, viewing or editing files, and making modifications to the IT system. High-level privileges, such as those held by IT administrators, often provide greater access and control over the system than lower-tier privileges, such as those given to guest users.
What is privilege escalation?
In privilege escalation, an attacker exploits errors, vulnerabilities, and configuration oversights in an operating system to access IT resources and areas beyond what their privileges normally allow. For instance, cybercriminals who have stolen a low-level employee’s user account credentials can use privilege escalation techniques to gain abilities reserved only for members of the company’s IT team.
Privilege escalation is rarely the end goal for cybercriminals — rather, it is often one of the initial steps toward various malicious activities. When successful, it gives crooks greater control over the victim’s IT system, enabling them to access sensitive data and disable key security measures. They can then more easily plant malware, commit data theft, and launch more specific cyberattacks.
There are two types of privilege escalation, namely vertical and horizontal. Vertical privilege escalation involves someone with low-level privileges attempting to gain higher ones. Horizontal privilege escalation, on the other hand, involves someone with high-tier privileges trying to access company resources that are outside their normal area of responsibility. For instance, a cybercriminal may use IT admin privileges to access the company’s bank accounts.
How can you prevent privilege escalation?
Preventing privilege escalation can save your company from the reputational and financial damage caused by cyberattacks. To do this, you will need a two-layered approach that addresses the various privilege escalation techniques used by cybercriminals.
Layer 1: Employees/Users
In many cases, cybercriminals must first gain access to your employees’ credentials. You can address this risk with the following steps:
1. Enforce the principle of least privilege
Give your employees access to only the specific resources they need to accomplish their tasks. For example, HR staff should not be able to reconfigure IT security. This limits the amount of data that cybercriminals can access and prevents them from easily moving laterally across your network.
2. Implement password best practices
Sometimes, cybercriminals can steal user accounts by simply guessing the owner’s password. Prevent this by requiring your staff to follow password best practices, including:
- Creating passwords that are at least 12 characters long and composed of letters, numbers, and special characters
- Using a unique password for each of their online accounts
- Never keeping their passwords in notebooks, memo pads, word and text documents, and other media that can be easily seen or stolen
You can also use password managers like LastPass and Dashlane to make creating, storing, and updating passwords easier. To further boost account security, implement multifactor authentication where possible. This requires users to submit several proofs of their identity before they can enter online accounts or access resources, preventing cybercriminals from getting far across your network even with stolen passwords.
3. Train your staff
Cybersecurity awareness training can help your staff avoid mistakes that can lead to cyber incidents and turn them into valuable assets for your company’s cybersecurity.
Layer 2: Applications
Cybercriminals may also exploit vulnerabilities in your business applications to infiltrate your network. You can address this risk through the following methods:
1. Update your applications regularly
Software manufacturers typically release patches for errors, bugs, and security vulnerabilities in their products. You should install these updates the moment they become available to prevent cybercriminals from abusing these flaws at your company’s expense.
2. Review and correct permissions
Make sure that the access permissions on all of your company’s files, directories, and servers allow access only to the right users.
3. Remove unused user accounts
Regularly audit current user accounts and delete those created for former employees. Unused accounts can be used by cybercriminals as entry points and may also be utilized for insider attacks.
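One way to carry out the permission review from step 2 on a POSIX file share, as an added example that is not part of the original article: the script walks a directory tree that is meant to be restricted to its owner and group, and reports every entry that still grants access to all other users. The function names and the sample tree are constructed for the illustration.

```python
import os
import stat
import tempfile

def audit_permissions(root):
    """Map each path under root to the access it grants to users outside owner and group."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode      # lstat: never follow links out of the tree
            if stat.S_ISLNK(mode):
                continue                       # a symlink's own mode bits carry no meaning
            if mode & stat.S_IWOTH:
                if stat.S_ISDIR(mode) and not mode & stat.S_ISVTX:
                    # anyone can delete or replace files that belong to other users
                    issue = "world-writable directory without sticky bit"
                else:
                    issue = "world-writable"
            elif mode & stat.S_IROTH:
                issue = "world-readable"
            else:
                continue
            findings[os.path.relpath(path, root)] = issue
    return findings

def build_sample_tree():
    """Create a constructed directory tree with known modes for the demonstration."""
    root = tempfile.mkdtemp(prefix="perm-audit-")
    layout = [                                 # (relative path, is_dir, mode), all constructed
        ("payroll.csv", False, 0o600),
        ("handbook.txt", False, 0o644),
        ("shared", True, 0o777),
        ("shared/notes.txt", False, 0o666),
        ("dropbox", True, 0o1777),
    ]
    for rel, is_dir, mode in layout:
        path = os.path.join(root, rel)
        if is_dir:
            os.mkdir(path)
        else:
            open(path, "w").close()
        os.chmod(path, mode)                   # explicit chmod, so the umask does not matter
    return root

if __name__ == "__main__":
    for path, issue in sorted(audit_permissions(build_sample_tree()).items()):
        print(f"{issue:45} {path}")
```

Point `audit_permissions` at a real share in place of the sample tree and review each finding against who actually needs the file before tightening its mode.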
Privilege escalation is a complex issue that poses immense risk to your organization. At [company_short], our cybersecurity specialists can help by uncovering weaknesses in your IT infrastructure and developing strategies to effectively address these. Start taking steps against privilege escalation by contacting our IT experts today.