What is privilege escalation? How can it pose a threat to your enterprise? Which capabilities should your security team seek out to mitigate the effects of privilege escalation?
Privilege escalation refers to a dangerous cybersecurity exploit that can arise from unpatched vulnerabilities, database or login misconfigurations, or simply a lapse in human judgement. Through this exploit, a user (or a hacker using that user's credentials) can elevate their privileges above what they would normally possess. A hacker can thus conduct a privileged access attack even after compromising only a regular user account.
This may seem harmless on the surface. However, escalated privileges (an example of the ever-present problem of access creep) can put your business in jeopardy. After all, with elevated privileges, a user can perform all kinds of unauthorized actions: delete or download sensitive data, alter work processes, or install unwanted programs. Worse, if a hacker escalates a stolen account's privileges to IT-administrator level, they can inflict downtime and thus costly monetary losses.
As a side note, the usual conversation on privilege escalation focuses on vertical escalation (elevating privileges to those of a higher rank in the network). However, a horizontal move (taking over the privileges of a different account at the same level) could prove devastating as well; with the right combination of privileges, hackers can achieve all sorts of malicious goals.
Malicious privilege escalation is thus a critical component of many cyber attacks. So why do so many enterprises struggle to prevent these kinds of attacks?
Privilege Escalation Can Prove Hard to Spot
Sometimes privilege escalation takes advantage of a bug in the operating system. Other times it exploits unmonitored temporary-permission request systems or other embedded access-granting processes. It can also stem from a simple misconfiguration or an unpatched hole in your security network.
Regardless, hackers take advantage of a gap in your security monitoring to elevate normal privileges, so traditional identity management tools may not detect the problem or signs of suspicious activity until it is too late.
You therefore need next-generation privileged access management (PAM) and identity governance and administration (IGA) solutions. How can they help?
Privilege Escalation Prevention and Mitigation
First, you should make sure you know which users attempt to escalate their privileges and for what reasons. This may involve calling upon capabilities such as privilege escalation monitoring and role management. The former alerts your security team whenever a user escalates their privileges, ensuring that suspicious behavior is caught immediately. The latter grants users a set of permissions appropriate to their role and limits how they can escalate those privileges. Both enforce the Principle of Least Privilege, a cybersecurity concept which states that users should possess only the permissions they absolutely need to perform their jobs.
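The two capabilities above, monitoring and role management, can be combined into a single detection rule. The following Python example is added here and is not code from the original post or from any vendor product: it parses constructed log lines in the format sudo writes to syslog, applies a hypothetical user-to-role map and per-role command allowlist, and raises an alert for every failed escalation, every escalation by a user with no assigned role, and every successful escalation to a command outside the user's role.

```python
import re
from dataclasses import dataclass

# Constructed sample lines in the format sudo logs to auth.log/syslog.
SAMPLE_LOG = """\
Jan 25 10:01:02 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Jan 25 10:02:03 web01 sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Jan 25 10:03:04 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/bash
Jan 25 10:04:05 web01 sudo:    carol : TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/apt-get install nmap
Jan 25 10:05:06 web01 sudo:     dave : 3 incorrect password attempts ; TTY=pts/3 ; PWD=/home/dave ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow
"""

# Role management (hypothetical): each user holds one role, and each role may
# run only a fixed set of binaries as root.
USER_ROLES = {"alice": "web-operator", "carol": "package-admin"}
ROLE_ALLOWED_COMMANDS = {
    "web-operator": {"/usr/bin/systemctl"},
    "package-admin": {"/usr/bin/apt-get"},
}

# The optional "failure" group captures sudo's failure text (e.g. "user NOT in
# sudoers") that sits between the user name and the TTY field.
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sudo:\s+(?P<user>\S+) : "
    r"(?:(?P<failure>[^;]+?) ; )?TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; "
    r"USER=(?P<target>\S+) ; COMMAND=(?P<command>.*)$"
)


@dataclass
class Alert:
    user: str
    reason: str
    command: str


def parse_sudo_line(line):
    """Return the parsed fields of one sudo log line, or None if it is not one."""
    m = SUDO_RE.match(line)
    return m.groupdict() if m else None


def evaluate(event):
    """Apply the monitoring rule to one parsed event; return an Alert or None."""
    user = event["user"]
    command = event["command"]
    binary = command.split()[0]
    if event["failure"]:
        return Alert(user, f"failed escalation: {event['failure']}", command)
    role = USER_ROLES.get(user)
    if role is None:
        return Alert(user, "escalation by user with no assigned role", command)
    if binary not in ROLE_ALLOWED_COMMANDS[role]:
        return Alert(user, f"command outside role '{role}'", command)
    return None  # escalation permitted by the user's role


def monitor(log_text):
    """Run the rule over a block of log text and collect the alerts."""
    alerts = []
    for line in log_text.splitlines():
        event = parse_sudo_line(line)
        if event is not None:
            alert = evaluate(event)
            if alert is not None:
                alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in monitor(SAMPLE_LOG):
        print(f"ALERT user={a.user} reason={a.reason!r} command={a.command!r}")
```

On the constructed sample, alice's service restart and carol's package install pass silently, while bob's denied sudo, alice's shell outside her role, and dave's repeated password failures each produce an alert. In practice the role map would come from the IGA system rather than a dictionary, and the rule would run on a log pipeline rather than a string.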
Second, you should limit the methods by which users or external actors could escalate their privileges unilaterally. This means discovering and closing off unpatched vulnerabilities and spending threat-hunting time discovering misconfigurations.
This also means setting up automated permission-granting protocols for temporary projects, so that access can be granted or denied in a simple, easily traceable fashion. Those grants should come with strict limits on which permissions users can request for themselves, as well as strict time limits on how long they can hold them.
Finally, elevating privileges should not give any user free range throughout the enterprise. Each privilege should remain limited to the role that typically needs it and that role's department. No user should have unilateral power to make sweeping changes, such as changing workflows or rewriting the IT environment. Further, even privileged users should verify their identities via step-up authentication when accessing sensitive data.
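The three requirements above (self-service grants limited by role, strict time limits, and step-up authentication before sensitive use) can be captured in one small access broker. The Python example below is added here and is not code from the original post or from any PAM product; the role catalogue, privilege names and time limits are hypothetical, and the broker keeps an in-memory audit trail so every request, grant, refusal and use is traceable.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Hypothetical role catalogue: which temporary privileges each role may request
# for itself, and the longest a single grant of that privilege may last.
ROLE_CATALOGUE = {
    "web-operator": {"restart-service": timedelta(hours=2)},
    "db-analyst": {"read-customer-pii": timedelta(minutes=30)},
}
# Privileges that expose sensitive data require step-up authentication on use.
STEP_UP_REQUIRED = {"read-customer-pii"}
# Absolute ceiling on any grant, regardless of role.
MAX_GRANT = timedelta(hours=4)


@dataclass
class Grant:
    user: str
    privilege: str
    expires_at: datetime


class AccessBroker:
    def __init__(self, user_roles, now=None):
        self.user_roles = user_roles          # user -> role (from IGA in practice)
        self.grants = []                      # currently active grants
        self.audit = []                       # every decision, for traceability
        self._now = now or (lambda: datetime.now(timezone.utc))

    def request(self, user, privilege, duration, reason):
        """Self-service request for a temporary privilege; returns a Grant or None."""
        role = self.user_roles.get(user)
        allowed = ROLE_CATALOGUE.get(role, {})
        if privilege not in allowed:
            self._log("denied", user, privilege, reason, "not in role catalogue")
            return None
        if duration > allowed[privilege] or duration > MAX_GRANT:
            self._log("denied", user, privilege, reason, "duration exceeds limit")
            return None
        grant = Grant(user, privilege, self._now() + duration)
        self.grants.append(grant)
        self._log("granted", user, privilege, reason, f"until {grant.expires_at.isoformat()}")
        return grant

    def use(self, user, privilege, step_up_verified=False):
        """Check an attempt to exercise a privilege; expired grants never pass."""
        now = self._now()
        self.grants = [g for g in self.grants if g.expires_at > now]  # lazy expiry
        active = any(g.user == user and g.privilege == privilege for g in self.grants)
        if not active:
            self._log("refused", user, privilege, "", "no active grant")
            return False
        if privilege in STEP_UP_REQUIRED and not step_up_verified:
            self._log("refused", user, privilege, "", "step-up authentication required")
            return False
        self._log("used", user, privilege, "", "ok")
        return True

    def _log(self, outcome, user, privilege, reason, detail):
        self.audit.append({
            "time": self._now().isoformat(), "outcome": outcome, "user": user,
            "privilege": privilege, "reason": reason, "detail": detail,
        })


def demo():
    """Walk through the controls with a fixed, controllable clock (constructed scenario)."""
    clock = [datetime(2021, 1, 25, 10, 0, tzinfo=timezone.utc)]
    broker = AccessBroker({"alice": "web-operator", "bob": "db-analyst"}, now=lambda: clock[0])
    broker.request("alice", "read-customer-pii", timedelta(minutes=10), "ticket-1")  # outside role
    broker.request("alice", "restart-service", timedelta(hours=3), "ticket-2")       # too long
    broker.request("alice", "restart-service", timedelta(hours=1), "ticket-3")       # granted
    broker.use("alice", "restart-service")                                            # used
    clock[0] += timedelta(hours=2)
    broker.use("alice", "restart-service")                                            # expired
    broker.request("bob", "read-customer-pii", timedelta(minutes=15), "ticket-4")     # granted
    broker.use("bob", "read-customer-pii")                                            # no step-up
    broker.use("bob", "read-customer-pii", step_up_verified=True)                     # used
    return [e["outcome"] for e in broker.audit]


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

The `now` parameter exists so the expiry logic can be exercised deterministically; a production broker would also write the audit entries to the same log pipeline the monitoring rule watches, so a grant that is used after it should have expired is itself detectable.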
What Should You Seek Out?
Check out our Privileged Access Management Buyer’s Guide and our Identity Governance and Administration Buyer’s Guide for two different perspectives on solving this challenge.