Privilege escalation is a technique that malicious actors use to gain elevated privileges on a system or network. This is typically done by exploiting vulnerabilities, misconfigurations, bugs or weak security controls.
No system or network is immune to privilege escalation attacks. Some attacks using escalated privileges can be as simple as using a stolen password to log in with greater permissions. Others may be more sophisticated, requiring the attacker to bypass several authentication and authorization layers to gain administrative privileges.
Organizations typically use an authorization system to define distinct roles for users based on their specific job responsibilities. Each role describes the actions that users or user groups are authorized to perform on designated resources or data.
For example, an “engineer” role may allow software engineers to push code, trigger pipelines, retrieve application logs and read data from a database. Similarly, a “production engineer” role may allow production engineers to deploy code, start and stop applications, and submit support tickets. Moreover, an administrator role may encompass the privileges of both the above roles and more.
A privilege escalation attack occurs when an unauthorized user manages to elevate their access beyond their assigned role. This can be done by exploiting a vulnerability in the authorization system to elevate to administrator privileges, stealing admin credentials via social engineering or finding a way to inherit permissions from another role.
Privilege escalation attacks can have severe consequences. Once hackers obtain elevated privileges, they can perform a range of unauthorized actions, such as deleting databases, installing malware, stealing sensitive files or disabling crucial services. Moreover, they may leverage their newfound access to launch other attacks, like ransomware or distributed denial-of-service (DDoS) attacks.
There are two types of escalation methods:
Vertical privilege escalation is when a cybercriminal manages to obtain higher-level privileges on a system. In simple terms, it refers to the process of moving vertically up the permission ladder, from a lower-level role to a higher-level role.
The goal of most vertical escalation efforts is to gain root or administrative access. These elevated privileges allow the cybercriminal to bypass many security restrictions and controls and virtually take over the entire system.
While new techniques for vertical privilege escalation continue to emerge, the following methods remain consistently prevalent:
Hackers may exploit a weak or misconfigured authentication system to gain unauthorized access to an account with higher privileges. For example, they may execute a brute-force attack on the login system to extract the credentials of an administrator. This is why cybersecurity is continuously evolving toward strong authentication and advanced authentication security models.
Malicious actors may exploit known vulnerabilities in unpatched software or applications to elevate their privileges. For example, they may leverage a bug in the database engine to assume a privileged role and truncate essential tables.
Misconfigurations are another common way of elevating privileges. For example, a poorly configured Identity and Access Management (IAM) system may allow anyone to assume the administrator role after performing multi-factor authentication (MFA).
Attackers may use phishing tactics to trick authorized users into revealing their credentials, or performing actions that grant additional privileges to the attacker. For example, they may send an email to an administrator that may contain a malicious attachment. Opening the attachment may execute malicious code, allowing the attacker to access the administrator’s account.
Attackers may discover and exploit flaws in the systems used to manage user access control. For example, they may manipulate input fields or URLs to access restricted resources or functions meant for higher-level roles.
Hackers with physical access to a system or network can directly inject code or run malicious scripts to elevate privileges. For example, they may abuse flawed sudo configurations to conduct a Linux privilege escalation attack. Or they may execute a PowerShell script that tweaks registry rules to perform Windows privilege escalation on a Windows machine.
In horizontal privilege escalation, an attacker tries to gain the privileges of another user account at the same level of the role hierarchy. In other words, it allows an attacker to compromise other users with similar privileges.
Horizontal privilege escalation is particularly concerning because it allows attackers to move laterally across an infrastructure, potentially compromising several accounts and resources.
Some vertical and horizontal privilege escalation techniques can overlap. For example, social engineering, misconfigurations, brute-force attacks and malware can be used to perform both vertical and horizontal privilege escalation.
With that said, here are some techniques that are commonly used specifically for vertical privilege escalation:
Hackers may exploit weaknesses in session management to take over sessions of other authenticated users. For example, a hacker may perform an SQL injection on a web application to retrieve credentials of other signed in users.
By intercepting and tampering with cookies or session tokens, malicious actors can impersonate other users. For example, they may leverage a flaw in a server’s operating system to steal another user’s token and use it to seamlessly log in to the desired application.
CSRF (Cross-Site Request Forgery) is a cyberattack in which a hacker tricks a user into executing an unwanted action on a website or application. CSRF attacks are an example of the confused deputy problem, where a hacker manipulates an authorized system entity (the deputy) to perform actions on the hacker’s behalf.
In some situations, users or systems may share the same credentials for convenience, or due to poor security hygiene. While this may seem harmless, it presents a significant security risk, as it allows attackers to use the same set of credentials to move laterally across a system or network.
No system or network can be considered completely impervious to privilege escalation. However, the following best practices and preventive measures can make it significantly harder for anyone to elevate privileges:
Adherence to the principle of least privilege solves several problems that can allow malicious actors to utilize escalated privilege. The principle dictates that nobody has more rights than they need to do their jobs. This limits the potential damage from compromised accounts.
Implement strong authentication mechanisms, like adaptive MFA or passwordless authentication, to make unauthorized access harder.
Keep your applications and systems up to date, so that any known vulnerabilities or bugs are resolved quickly. Developing a robust, automated patch management system can also help in this regard.
Ensure that your applications, systems and networks are properly configured. You can use purpose-built tools to detect any misconfigurations in your infrastructure. For example, the AWS IAM Access Analyzer helps you validate IAM policies.
Educate your employees regarding the risks of privilege escalation and the importance of following security protocols. Promote good password hygiene, which includes setting complicated passwords that are not shared among users or applications.
Isolate critical systems and sensitive data from public-facing or less secure areas of the network. Moreover, implement network segmentation to reduce the chances of lateral movement.
Adopt a zero-trust model, in which trust is never assumed, and anyone trying to access a resource is required to prove their identity.
Use modern tools, like Security Information and Event Management (SIEM) solutions and Intrusion Detection Systems (IDS), to monitor user activity and respond to potential incidents.