PAM360 »
Last updated date : 10 May 2024

What is privilege escalation?

The scope of permissions associated to a user depends on how privileged the user role is. Some of the privileged roles in an organization include the system administrators, payroll administrators, IT help desk technicians, and network and database administrators. These employees use privileged accounts to gain access to their respective target endpoints. Since privileged accounts enable elevated access to critical systems, enabling fine-grained permissions right at the user level or group level ensures secure access to privileged endpoints. However, if these privileged accounts are exposed to malicious insiders or external attackers, it can spell doom to the overall security of the enterprise.

Types of privilege escalation

Privilege escalation can be carried out for a role of any level of permission. There are two methods to escalate privileges:

  • 01

    Horizontal privilege escalation allows a user to gain permissions of a fellow user with the same privileges to gain access to personal information. However, the challenge is that this might be a standard user account with basic privileges and the hacker will need to elevate their privileges to perform higher level actions.

    For example, an employee using a fellow user's credentials to access critical information aims to impersonate the users with the same privileges. Despite having similar access permissions, impersonating a fellow employee gives the attacker access to that employee's PII. This type of escalation is usually carried out using social engineering techniques.

  • 02

    Vertical privilege escalation is when a user with non-administrative permissions gains access to administrative permissions, which are otherwise unavailable. Vertical privilege escalation provides direct access to critical enterprise resources without having to request for elevated account privileges.

For example, a user with standard privileges gaining access to a user account with relatively higher privileges can view and modify confidential data about every employee. This is a privileged action that is usually not under the purview of the standard user.

How does privilege escalation work?

Privileged accounts are the gateways to critical information and inadequate security over them will take a toll on both revenue and reputation of the enterprise. During a privilege escalation attack, hackers initially target standard user accounts to acquire bare minimum privileges. However, these accounts don't suffice when it comes to carrying out activities that require higher privileges. So, how does a bad actor navigate further into the sensitive areas of the organization?

Let's consider the following example: When a non-admin user is granted temporary privileges to perform high-level actions like adding or deleting users, executing privileged commands, or running customers reports, it is important that the access permissions are revoked once the intended task is completed. These permissions are susceptible to phishing or social engineering attacks and, if one of these attacks is successful, an unauthorized user can gain access. Additionally, a higher number of privileged accounts raises the chances that one of these will be targetted to perform nefarious activities over the enterprise network.

Privilege escalation for Windows

The domain accounts of Windows resources host all critical information and are considered "super admin accounts." When an attacker has access to one of these accounts, there is direct control over the highest access levels. This allows leeway to deploy malware on the Active Directory and establish control over all critical assets of the enterprise.

For example, active sessions in Windows machines use access tokens that provide information on the owner's role and privileges. The majority of the Windows privilege escalation attacks involve exploiting these access tokens to impersonate a logged-in user and carry out high-level actions.

Privilege escalation for Linux

An attacker aiming to implement Linux privilege escalation will first try to decode the credentials of the root user since it has the highest privilege to access data. Alternatively, hackers prefer to target accounts with SUDO privileges (the highest privilege to access resources) to laterally navigate the enterprise network. Accomplishing this task makes taking control over confidential information child's play.

For example, threat vectors initially target the Linux shell to perform a privilege escalation. Once done, they employ enumeration techniques to initiate basic operations on systems to discover paths to SUDO privileges and to impersonate a root user to carry out nefarious activities.

How can privilege escalation impact the functioning of an organization?

Privileged accounts are the keys to the kingdom; when privileged accounts are shared between multiple users and there's no monitoring of their use, they're more at risk of being used by a malicious actor. These threat actors attempting privilege escalation will try to:

  • Gain unlimited access to critical information.
  • Modify data by impersonating an administrative user.
  • Manipulate access-level controls of various users.
  • Create loopholes for effortless data exfiltration during future attempts.

 

These backdoors, when successfully deployed, allow hackers to bypass default authorization channels and elevate permissions without any hassle.

How can enterprises effectively prevent privilege escalation attacks?

Mitigating privilege escalation attacks calls for deploying efficient access management tools. Here are some access management best practices to prevent privilege escalation

  • Consolidate privileged account credentials under a central console.
  • Enforce MFA to ensure an added layer of security for access to critical information.
  • Apply the lowest level of access privileges by assigning the bare-minimum privileges for user accounts based on their roles to prevent unauthorized access to sensitive endpoints. If these users require higher privileges, they can be provided temporary admin access to sensitive resources.
  • Facilitate secure sharing and rotation of credentials, and eliminate hard coding of passwords in plain-text formats.
  • Prevent unauthorized access to critical endpoints by implementing request-release mechanisms that mandate an admin's approval before granting permissions.
  • Grant fine-grained access to run and execute allow-listed applications and SSH commands.
  • Implement just-in-time privilege elevation to grant users elevated access to resources only based on need, and revoke permissions after a stipulated period.

Combating privilege escalation attacks with ManageEngine PAM360

Exhibiting a strong security posture requires continuous effort. Ensuring a reduced attack surface helps enterprises further reduce the risk of a data breach.

ManageEngine PAM360 helps organizations combat privilege escalation attacks with granular least privilege access controls, such as role-based access, policy-based access, dynamic trust scoring, just-in-time privilege elevation, and application and command control. PAM360's comprehensive Zero Trust controls helps enterprises ensure zero standing privileges and secure their privileged access routines against emerging threats.