Undetected Privilege Escalation

What is Undetected Privilege Escalation? 

Undetected privilege escalation occurs when an attacker infiltrates a network without being noticed and elevates their access rights to inflict damage on more highly guarded systems or data. Every new privilege escalation allows attackers to exploit new vectors, ultimately leading to complete control of the system. 

How and Why Does Undetected Privilege Escalation Occur? 

An undetected privilege escalation attack can occur when essential cybersecurity measures are lacking. Typically, an undetected privilege escalation attack will target a low-level user to avoid scrutiny and evade stronger security measures that may be in place for more high-value users. This can occur because of: 

  • Unpatched vulnerabilities. Vulnerabilities that can allow privilege escalation include system misconfigurations, cross-site scripting (XSS), and credential theft. 
  • Failure to follow the principle of least privilege, which restricts users (from low-level to administrators) to having only the permissions they need to perform their jobs. 
  • Malware. Once an attacker has gained entry to a system, a malicious payload can be deployed that will allow them to override protective settings and elevate their access level. 
  • Social engineering. Phishing attacks can entice users to give away their credentials, allowing a threat actor to get into the system unnoticed because the login is from a verified user. Once inside, malware can be deployed or vulnerabilities exploited to escalate privileges. 
  • Open-source operating systems or software are particularly vulnerable to undetected privilege escalation attacks simply because the source code is available for anyone to inspect, and vulnerabilities are frequently found. 

Since differing levels of identity privilege can be allotted depending on the user (role-based permissions), geography (location-based permissions), and device (device-based permissions), attackers have their pick of vectors to exploit initially. 

Horizontal versus Vertical Privilege Escalation 

There are two kinds of privilege escalation: horizontal and vertical. 

What is horizontal privilege escalation? 

Horizontal privilege escalation occurs when an attacker compromises an account other than the one that was initially compromised (an account takeover). The secondary account typically has similar privileges. This is done because the attacker wants access to additional resources available under that other account – not necessarily climbing the privileges ladder. Horizontal privilege escalation is an example of lateral movement and preys on standard user accounts with generally low-level security protections. 

What is vertical privilege escalation? 

Vertical privilege escalation is when an attacker leverages the account access they already compromised and attempts to elevate the permissions of that compromised account. This typically requires more advanced, sophisticated measures as the goal is to obtain administrative access or root permissions, taking over a system completely.  

With total system control, threat actors can install software, alter configurations, and destroy or exfiltrate data. These types of attacks are often classified as Advanced Persistent Threats (APTs) because of their ability to lie undetected on the network for long periods of time.

How Can You Prevent Undetected Privilege Escalation? 

Privilege escalation attacks occur commonly, but they do not have to be undetected. They can be prevented by: 

  1. Applying the principle of least privilege. 
  2. Hardening user credential policies.  
  3. Deploying multi-factor authentication (MFA) to avoid credential theft. 
  4. Training employees to spot signs of social engineering. 
  5. Patching vulnerabilities and inspecting open-source software. 
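The least-privilege failure listed among the causes above, and the first and third items of this prevention list, are easiest to act on when they are turned into a repeatable check. The following is an added example (not code from this page or from any product it mentions): a small audit that compares each account's granted permissions against a role baseline and flags excess grants, plus administrative permissions held without MFA. The roles, permission names, and accounts are constructed for illustration.

```python
"""Least-privilege audit over a constructed account inventory (added example)."""
from dataclasses import dataclass

# Baseline: the permissions each role needs to do its job. Constructed values;
# in practice this comes from the organisation's role definitions.
ROLE_BASELINE = {
    "analyst": {"read:tickets", "write:tickets"},
    "developer": {"read:repo", "write:repo", "read:ci"},
    "admin": {"read:repo", "write:repo", "read:ci", "manage:users", "manage:config"},
}

# Permissions that confer administrative control over the environment.
# Any account holding one of these is expected to have MFA enabled.
PRIVILEGED = {"manage:users", "manage:config"}


@dataclass
class Account:
    name: str
    role: str
    granted: set
    mfa_enabled: bool


def audit_account(acct):
    """Return a list of (finding, detail) pairs for one account; empty means clean."""
    findings = []
    baseline = ROLE_BASELINE.get(acct.role)
    if baseline is None:
        # A role nobody defined a baseline for cannot be checked; surface it.
        findings.append(("unknown-role", acct.role))
        return findings
    excess = acct.granted - baseline
    if excess:
        findings.append(("excess-permissions", sorted(excess)))
    held_privileged = acct.granted & PRIVILEGED
    if held_privileged and not acct.mfa_enabled:
        findings.append(("privileged-without-mfa", sorted(held_privileged)))
    return findings


def audit(accounts):
    """Audit every account and return only those with findings, keyed by name."""
    report = {}
    for acct in accounts:
        findings = audit_account(acct)
        if findings:
            report[acct.name] = findings
    return report


# Constructed sample inventory: one clean analyst, one over-privileged developer
# with no MFA, one properly configured admin, and one account with an unknown role.
SAMPLE_ACCOUNTS = [
    Account("alice", "analyst", {"read:tickets", "write:tickets"}, True),
    Account("bob", "developer", {"read:repo", "write:repo", "read:ci", "manage:users"}, False),
    Account("carol", "admin", set(ROLE_BASELINE["admin"]), True),
    Account("dave", "contractor", {"read:repo"}, True),
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_ACCOUNTS).items():
        for kind, detail in findings:
            print(f"{name}: {kind} {detail}")
```

Running the audit on the sample inventory reports bob twice (an excess `manage:users` grant, and a privileged permission held without MFA) and dave once (unknown role); alice and carol are clean. Scheduling such a comparison against the identity provider's export is what keeps the principle of least privilege enforced after the initial role design.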

If the attacker has already gained initial entry, a privilege escalation attack can be stopped by detecting it within the network as soon as possible. This can be done by using tools – like Endpoint Detection and Response (EDR) or Extended Detection and Response (XDR) – that leverage behavioral analysis to spot indicators of compromise within complex digital environments.  
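To make the horizontal/vertical distinction above and the behavioral detection described here concrete, the following is an added example (not code from this page or from any EDR/XDR product): a detection routine run over a few constructed authentication log lines, loosely modelled on Linux auth logs but not copied from a real host. It raises a vertical alert for a non-administrator switching to root or being added to an administrative group, and a horizontal alert when one account switches into a peer account or when two different accounts log in from the same source within a short window. The admin allowlist, group names, window length, and log lines are all constructed assumptions.

```python
"""Privilege-escalation indicator detection over constructed auth log lines (added example)."""
import re
from datetime import datetime, timedelta

# Constructed sample lines, loosely modelled on Linux auth logs; not from a real system.
SAMPLE_LOG = """\
2024-05-01T09:12:03 host1 sshd: Accepted password for jsmith from 10.0.0.5
2024-05-01T09:13:10 host1 sudo: jsmith : USER=root ; COMMAND=/bin/bash
2024-05-01T09:14:00 host1 usermod: add 'jsmith' to group 'sudo'
2024-05-01T09:15:30 host1 sshd: Accepted password for mlee from 10.0.0.5
2024-05-01T09:16:00 host1 su: (to mlee) jsmith on pts/1
2024-05-01T11:00:00 host1 sudo: opsadmin : USER=root ; COMMAND=/usr/bin/systemctl restart nginx
"""

ADMIN_USERS = {"opsadmin"}                 # accounts expected to act as root (constructed allowlist)
ADMIN_GROUPS = {"sudo", "wheel", "admin"}  # groups that grant administrative rights (assumption)
LOGIN_WINDOW = timedelta(minutes=10)       # window for "several accounts from one source" (assumption)

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[^:]+): (?P<msg>.*)$")
LOGIN_RE = re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)")
SUDO_RE = re.compile(r"^(?P<user>\S+) : .*USER=(?P<target>\S+)")
GROUP_RE = re.compile(r"add '(?P<user>[^']+)' to group '(?P<group>[^']+)'")
SU_RE = re.compile(r"\(to (?P<target>\S+)\) (?P<user>\S+) on")


def parse(line):
    """Split one line into timestamp, host, program and message; None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def detect(log_text):
    """Return a list of (kind, user, detail) alerts; kind is 'vertical' or 'horizontal'."""
    alerts = []
    logins_by_src = {}  # source address -> list of (timestamp, user) logins seen so far
    for raw in log_text.splitlines():
        ev = parse(raw)
        if ev is None:
            continue
        prog, msg, ts = ev["prog"], ev["msg"], ev["ts"]
        if prog == "sshd" and (m := LOGIN_RE.search(msg)):
            user, src = m["user"], m["src"]
            # Horizontal indicator: a different account logging in from the same
            # source shortly after another one suggests one operator holding both.
            others = {u for t, u in logins_by_src.get(src, [])
                      if ts - t <= LOGIN_WINDOW and u != user}
            if others:
                alerts.append(("horizontal", user, f"same source {src} as {sorted(others)} within window"))
            logins_by_src.setdefault(src, []).append((ts, user))
        elif prog == "sudo" and (m := SUDO_RE.match(msg)):
            # Vertical indicator: a non-admin account running commands as root.
            if m["target"] == "root" and m["user"] not in ADMIN_USERS:
                alerts.append(("vertical", m["user"], "sudo to root by non-admin"))
        elif prog == "usermod" and (m := GROUP_RE.search(msg)):
            # Vertical indicator: membership in an administrative group being granted.
            if m["group"] in ADMIN_GROUPS:
                alerts.append(("vertical", m["user"], f"added to admin group {m['group']}"))
        elif prog == "su" and (m := SU_RE.search(msg)):
            if m["target"] == "root":
                alerts.append(("vertical", m["user"], "su to root"))
            elif m["target"] != m["user"]:
                # Horizontal indicator: switching into another ordinary user's account.
                alerts.append(("horizontal", m["user"], f"su to peer account {m['target']}"))
    return alerts


if __name__ == "__main__":
    for kind, user, detail in detect(SAMPLE_LOG):
        print(f"[{kind}] {user}: {detail}")
```

On the sample lines this yields two vertical alerts for jsmith (sudo to root, then addition to the sudo group), a horizontal alert for mlee's login from the address jsmith had just used, and a horizontal alert for jsmith switching into mlee's account; opsadmin's sudo is allowlisted and raises nothing. The same pattern of allowlisted identities plus per-source correlation is what behavioral EDR/XDR rules do at scale, and the allowlist is the part that has to be maintained alongside the least-privilege review.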
