Cyber Explainer: Privilege Escalation

An attacker's first strategic move after gaining a foothold, this type of threat turns modest access into much greater rewards


In this new series, “Cyber Explainer,” Interset breaks down the five most damaging types of threats facing enterprises, then details the five most effective cyberattack methods criminals use to carry them out. In this third installment, we look at privilege escalation, a tactical step that turns a modest foothold into a path to bigger targets.

What It Means
An attacker’s first step can be remarkably simple: get into the network with any valid credentials, no matter how modest the access they grant. Once one account is compromised, the attacker uses it as a starting point for further intrusion, and the process of turning that limited foothold into wider or higher access is called privilege escalation. It comes in two forms. Horizontal escalation stays at the same privilege level but widens reach: the compromised account is used to take over or impersonate peer accounts and get at the data they can see. Vertical escalation raises the privilege level: the attacker does reconnaissance for a weakness, such as a vulnerable web application or an unpatched local kernel bug, and exploits it to go from ordinary user to administrator or root.

Where You’ve Seen It
Dirty Cow (CVE-2016-5195), a race condition in the Linux kernel’s copy-on-write handling, is a privilege-escalation bug that lets an unprivileged local user write to read-only files and so gain root; it is currently behind several fraud and malware scams affecting Android phones, whose kernel shares the flaw. Earlier this year, the Sednit hacker group reportedly ran a phishing attack in France against then–presidential candidate Emmanuel Macron, using a zero-day Windows exploit that enabled privilege escalation.

How to Stop It
Once a threat is local, it is significantly more covert: the attacker is already using legitimate credentials, so the activity looks like ordinary use. Security patches cannot always keep pace with what attackers discover, so patching and least privilege must be paired with behavioral analytics that spot privilege escalation in the act. These platforms catch an intruder moving horizontally or vertically because those actions stand out as atypical: an account logging on from a workstation it has never used, reaching servers it has never touched, or running a privileged command for the first time. With AI and machine learning the analytics grow sharper and faster: they model the behavior of each entity (users, machines, files, servers, IP addresses, and so on), then compare entities against their own history and against each other, so an account that suddenly behaves like an administrator, or a workstation that suddenly authenticates as several different users, is flagged. Threats that leapfrog like privilege escalation require security-team visibility both across and within the network.
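To make the horizontal/vertical distinction and the baseline-versus-deviation idea concrete, here is an added example in Python. It is not Interset’s product or code, and every event in it is constructed sample data, not a real log. It builds a per-entity baseline (which hosts each user logs on from and to, which users each workstation normally serves, which privileged actions each user has ever run) from a training window, then scores a detection window against it: a user appearing from a peer’s workstation is the horizontal signal, a first-ever privileged action is the vertical signal, and the score threshold and action names are illustrative assumptions.

```python
"""Toy behavioral baseline detector for privilege-escalation signals.

Added example, not the page's or Interset's code. All events are
constructed sample records; hostnames, users and actions are made up.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Actions we treat as privileged. An assumption for the example;
# a real deployment would map these from its own log sources.
PRIV_ACTIONS = {"sudo", "add_to_group", "runas"}


@dataclass(frozen=True)
class Event:
    ts: int           # minutes since midnight (constructed)
    user: str
    src_host: str     # where the authentication came from
    dst_host: str     # what was reached
    action: str       # "logon" or one of PRIV_ACTIONS
    detail: str = ""  # e.g. group name for add_to_group


# Constructed training window: what each entity normally does.
BASELINE = [
    Event(540, "alice", "wks-01", "fileserver", "logon"),
    Event(545, "alice", "wks-01", "mail", "logon"),
    Event(600, "alice", "wks-01", "fileserver", "logon"),
    Event(530, "bob", "wks-02", "fileserver", "logon"),
    Event(535, "bob", "wks-02", "crm", "logon"),
    Event(700, "svc-backup", "backup-01", "fileserver", "logon"),
    Event(705, "svc-backup", "backup-01", "fileserver", "sudo"),
]

# Constructed detection window: alice's workstation is compromised.
# The attacker reuses bob's credentials from it (horizontal), then
# adds alice to an admin group on the domain controller (vertical).
DETECTION = [
    Event(541, "alice", "wks-01", "fileserver", "logon"),
    Event(550, "bob", "wks-01", "crm", "logon"),
    Event(552, "bob", "wks-01", "hr-db", "logon"),
    Event(560, "alice", "wks-01", "dc-01", "add_to_group", "Domain Admins"),
    Event(600, "bob", "wks-02", "crm", "logon"),
]


@dataclass
class Baseline:
    user_src: dict = field(default_factory=lambda: defaultdict(set))
    user_dst: dict = field(default_factory=lambda: defaultdict(set))
    user_priv: dict = field(default_factory=lambda: defaultdict(set))
    host_users: dict = field(default_factory=lambda: defaultdict(set))


def build_baseline(events):
    """Learn per-user and per-host sets from the training window."""
    b = Baseline()
    for e in events:
        b.user_src[e.user].add(e.src_host)
        b.user_dst[e.user].add(e.dst_host)
        b.host_users[e.src_host].add(e.user)
        if e.action in PRIV_ACTIONS:
            b.user_priv[e.user].add(e.action)
    return b


def score_event(e, b):
    """Return (score, reasons) for one event against the baseline.

    Weights are illustrative: a new source host (peer account reuse)
    counts more than a new destination, and a first privileged action
    counts most. Uses .get so scoring never mutates the baseline.
    """
    score, reasons = 0, []
    if e.src_host not in b.user_src.get(e.user, set()):
        usual = sorted(b.host_users.get(e.src_host, set())) or ["nobody"]
        reasons.append(f"horizontal: {e.user} never seen from {e.src_host} "
                       f"(usual users: {', '.join(usual)})")
        score += 2
    if e.dst_host not in b.user_dst.get(e.user, set()):
        reasons.append(f"new target: {e.user} never reached {e.dst_host}")
        score += 1
    if e.action in PRIV_ACTIONS and e.action not in b.user_priv.get(e.user, set()):
        suffix = f" ({e.detail})" if e.detail else ""
        reasons.append(f"vertical: first {e.action} by {e.user}{suffix}")
        score += 3
    return score, reasons


def detect(events, baseline, threshold=2):
    """Return [(event, score, reasons)] for events at or above threshold."""
    findings = []
    for e in events:
        score, reasons = score_event(e, baseline)
        if score >= threshold:
            findings.append((e, score, reasons))
    return findings


if __name__ == "__main__":
    base = build_baseline(BASELINE)
    for e, score, reasons in detect(DETECTION, base):
        print(f"{e.ts:04d} score={score} {e.user}@{e.src_host}->{e.dst_host} {e.action}")
        for r in reasons:
            print("   ", r)
```

Run as a script, it flags the three attacker events (bob from wks-01 twice, then alice’s group change) and stays quiet on the two routine logons, including svc-backup’s habitual sudo, because that action is in its baseline. The point the paragraph makes is visible in the code: none of the flagged events is a failed logon or a malformed request; each is a valid action that is only suspicious relative to what that entity, and its peers, usually do.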
