All networks and operating systems, no matter how advanced or secure, have flaws and vulnerabilities that can be exploited by threat actors in one way or another.

These security holes enable privilege escalation attacks, which are cyberattacks designed to gain unauthorized and privileged access within a breached system.

Horizontal vs. Vertical Privilege Escalation

Every operating system has built-in mechanisms that distinguish between different levels of privilege: administrators, power users, regular users, guests, and so on. The goal of a privilege escalation attack is to reach the highest level of privilege, though that is not always possible.

With this in mind, it is important to understand that there are two main types of privilege escalation: horizontal and vertical. Both are dangerous, but the differences between them are significant.

In a horizontal privilege escalation attack, a threat actor gains access to one account and then moves laterally across a network, trying to reach other accounts with the same or similar privileges. In a vertical privilege escalation attack, the cybercriminal moves upward instead: they compromise one user and then try to compromise accounts that hold more privileges.
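The distinction above can be turned into a simple detection heuristic. The following is an added example, not code from the original article: it classifies constructed logon events by the two patterns, flagging an account that reaches many hosts at the same privilege level (horizontal) and an account that appears at a higher privilege than its first observed level (vertical). The event format, privilege ranks and host threshold are assumptions.

```python
# Added example (not from the original article). Event fields, privilege
# ranks and the host threshold are assumptions made for illustration.
from collections import defaultdict

# Assumed ordering of privilege levels, lowest to highest.
PRIV_RANK = {"guest": 0, "user": 1, "power_user": 2, "admin": 3}

# Constructed sample events: (account, host, privilege level at logon).
EVENTS = [
    ("alice", "ws-01", "user"),
    ("alice", "ws-02", "user"),
    ("alice", "ws-03", "user"),
    ("alice", "fs-01", "user"),
    ("bob",   "ws-07", "user"),
    ("bob",   "ws-07", "admin"),   # bob first appeared as 'user', now admin
    ("carol", "ws-09", "user"),
]

def baseline_privileges(events):
    """Privilege level first observed for each account, used as its baseline."""
    base = {}
    for account, _host, priv in events:
        base.setdefault(account, priv)
    return base

def classify(events, host_threshold=3):
    """Return {'horizontal': set_of_accounts, 'vertical': set_of_accounts}.

    horizontal: one account seen on at least host_threshold distinct hosts.
    vertical:   an account seen at a higher rank than its baseline level.
    """
    base = baseline_privileges(events)
    hosts = defaultdict(set)
    findings = {"horizontal": set(), "vertical": set()}
    for account, host, priv in events:
        hosts[account].add(host)
        if PRIV_RANK[priv] > PRIV_RANK[base[account]]:
            findings["vertical"].add(account)
    for account, seen_hosts in hosts.items():
        if len(seen_hosts) >= host_threshold:
            findings["horizontal"].add(account)
    return findings

if __name__ == "__main__":
    print(classify(EVENTS))
```

In real logs the baseline would come from a directory or IAM inventory rather than the first event seen, and the host threshold would be tuned per role.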

How Privilege Escalation Takes Place


Cybercriminals use all sorts of different techniques, some more complex than others, to penetrate a system. These can be divided into three categories.

1. Social Engineering

In cybersecurity, the term social engineering refers to any attempt by a threat actor to manipulate a target into taking action. This typically includes impersonating a legitimate entity.

For example, an attacker might send a phishing email to a low-level employee of a company. If the employee falls for it, the attacker gets their foot through the door of a system. Then they try to escalate their privileges. There are also vishing (voice phishing) social engineering attacks—they involve the attacker contacting the target and impersonating a figure of authority, for example law enforcement or an IT professional.

A cybercriminal might also deploy scareware, a malicious program that tricks the victim into believing they need to download software or take action to get rid of a virus, but actually directs them to download malware. Spear phishing, whaling, and pharming attacks are also fairly common.

2. Malware

Malware (i.e., malicious software) can be used both to penetrate a system and to perform privilege escalation once inside it. For example, if an attacker sees an opportunity to perform vertical privilege escalation, they can deploy rootkits and gain essentially full control of a system.

On the other hand, ransomware can be particularly useful for horizontal privilege escalation because it tends to spread rapidly with the goal of locking all data it can access. Worms are also used in horizontal privilege escalation, as they replicate themselves by default.

Spyware attacks are another common way for threat actors to break into a system. If a cybercriminal manages to deploy spyware to a system, they gain the ability to monitor user activity, including keystrokes and screen captures. This way, they can obtain user credentials, compromise accounts, and perform privilege escalation.

3. Credential-Based Attacks

To bypass an organization's security, cybercriminals also employ credential-based attacks, the object of which is to access users' passwords and usernames. Organizations that don't use two-factor authentication are especially vulnerable to these attacks, because employees tend to reuse passwords, share them with colleagues, or store them in plain text on their computers.

There are many ways for cybercriminals to gain access to credentials, including pass-the-hash attacks and credential stuffing, which involves using lists of usernames and passwords that were exposed in previous breaches and leaked on the dark web. Password spraying and brute-force attacks are less common, but still happen. The same can be said of shoulder surfing, which is all about tracking the actions of privileged users through keyloggers and similar malicious software, via spy cameras, or even in person.

Credential-based attacks are particularly dangerous because threat actors can use stolen credentials to move around a system undetected, escalating privileges in the process.

Threat actors can use any and all combinations of the above when targeting a system. These attack methods are often intertwined in more than one way. A single crack in any system or network, no matter how seemingly minuscule or peripheral, can provide an opening for a cybercriminal to pierce through an organization's defenses. And once they enter a network, they will look for any way to escalate privileges and strike.

How to Prevent Privilege Escalation Attacks

Privilege escalation attacks are almost exclusively aimed at organizations, as opposed to individuals, so protecting against them necessitates an all-encompassing and holistic approach to security.

Every serious business needs to set strict administrative controls—a set of regulations that all employees need to understand, and respect at all times. This primarily has to do with setting strict rules in terms of granting access, or rather making sure that employees only have access to what they need to carry out their tasks properly. Not even administrators or power users should have broad permissions.


Insider threats, whether malicious or non-malicious, are the number one cause of data breaches. For this reason, it is imperative to have a strict password policy in place. A good password policy includes the use of complex passwords, periodic password changes, two-factor or multi-factor authentication, and clearly defined guidelines pertaining to password management.

Additionally, technical controls themselves are the foundation of every good security arrangement. It is crucial to use strong encryption protocols, install reliable anti-malware software, put up firewalls, and regularly address any vulnerabilities in a system, whether through patches and updates or other safeguards.

The Best Way to Defend Against Privilege Escalation

All software is vulnerable to cyberattacks, which are becoming more sophisticated by the day. Add insider threats into the mix, and it's easy to see why every organization, regardless of size, needs proper protection to stay safe from data theft and other threats.

There may not be a one-size-fits-all solution to cybersecurity, but there are a number of different ways to effectively approach the matter. And arguably the best way to secure a system is to build a zero trust security infrastructure, because it encompasses layers of privilege control and authentication mechanisms.