Privilege escalation occurs when a malicious user gains access to resources at a higher level than they are authorized for. It happens when a cybercriminal exploits a bug, a design flaw, or a configuration error in an application or operating system. Once the cybercriminal holds elevated privileges on your network, they use them to steal data, run administrative commands, and deploy malware. Cybercriminals typically use two types of privilege escalation: horizontal privilege escalation and vertical privilege escalation.
Horizontal privilege escalation gives the attacker access to data and functionality at the same privilege level as the user account they currently occupy. This horizontal move through a network lets the cybercriminal reach data belonging to another user account and look for a path from that account to a more elevated status – vertical privilege escalation.
Vertical privilege escalation is the most dangerous type of privilege escalation. This is where the attacker moves through the network to secure rights to more privileged accounts – like those of a system administrator. Once this type of privilege is secured, the attacker can download and execute ransomware, erase data, as well as delete access logs and other evidence of their malicious activities.
The ability of the cybercriminal to hide their presence from the victim is one of the most detrimental aspects of vertical privilege escalation. This ability empowers the cybercriminal to steal information secretly and stealthily establish a strong foothold in the victim’s network. Therefore, quick detection – and investigation – of attempted and successful privilege escalation is critical to your dealership’s cyber defense.
Here are some tips for defending against malicious privilege escalation:
- Ensure strong and secure passwords for all users.
- Establish specific users and groups with minimum necessary privileges and file access.
- Implement an employee training program that teaches users how to recognize a social engineering attack.
- Promptly deploy security patches. Most attacks exploit well-known vulnerabilities that security patching will fix.
- Close unnecessary ports and remove unused user accounts.
- Change default login credentials on all devices – including routers and printers.
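The quick detection the article calls for, together with the least-privilege and unused-account tips above, can be turned into a small audit. The script below is an added example, not code from the original article: it scans constructed Linux auth-log lines (sudo and usermod in their standard syslog format) and flags the escalation indicators a defender would want to investigate, namely denied or failed sudo attempts, a user being added to an administrative group, and a user running commands as root after an earlier denial. The host names, user names, commands, and the set of groups treated as administrative are all assumptions made for the example.

```python
import re

# Constructed sample auth.log lines for the example; not taken from any real system.
SAMPLE_LOG = """\
Mar  3 09:12:01 sales-pc1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Mar  3 09:15:44 sales-pc1 sudo:      bob : command not allowed ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Mar  3 09:16:02 sales-pc1 sudo:      bob : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Mar  3 09:20:15 sales-pc1 usermod[2213]: add 'bob' to group 'sudo'
Mar  3 09:21:30 sales-pc1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Mar  3 09:30:00 sales-pc1 sshd[2300]: Accepted password for alice from 10.0.0.5 port 51022 ssh2
"""

# Groups assumed to grant administrative rights on the monitored hosts (assumption).
ADMIN_GROUPS = {"sudo", "wheel", "admin", "root"}

# Patterns for the standard sudo and shadow-utils (usermod) log formats.
SUDO_OK = re.compile(r"sudo:\s+(?P<user>\S+) : TTY=\S+ ; PWD=\S+ ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$")
SUDO_DENIED = re.compile(r"sudo:\s+(?P<user>\S+) : command not allowed ;.*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$")
SUDO_BADPW = re.compile(r"sudo:\s+(?P<user>\S+) : (?P<n>\d+) incorrect password attempts? ;.*COMMAND=(?P<cmd>.+)$")
GROUP_ADD = re.compile(r"usermod\[\d+\]: add '(?P<user>[^']+)' to group '(?P<group>[^']+)'")


def parse_line(line):
    """Return (event_type, fields) for a recognised line, or None for anything else."""
    for kind, pattern in (("group_add", GROUP_ADD), ("sudo_denied", SUDO_DENIED),
                          ("sudo_badpw", SUDO_BADPW), ("sudo_ok", SUDO_OK)):
        m = pattern.search(line)
        if m:
            return kind, m.groupdict()
    return None


def analyze(log_text):
    """Walk the log in order and emit (severity, user, reason) findings.

    A successful root command by a user who was denied earlier in the same log
    is rated high: that is the vertical escalation pattern the article describes.
    """
    findings = []
    denied_users = set()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        kind, f = parsed
        if kind == "group_add" and f["group"] in ADMIN_GROUPS:
            findings.append(("high", f["user"], f"added to admin group '{f['group']}'"))
        elif kind == "sudo_denied":
            denied_users.add(f["user"])
            findings.append(("medium", f["user"], f"sudo denied for {f['cmd']} as {f['target']}"))
        elif kind == "sudo_badpw":
            denied_users.add(f["user"])
            findings.append(("medium", f["user"], f"{f['n']} bad sudo passwords for {f['cmd']}"))
        elif kind == "sudo_ok" and f["target"] == "root":
            if f["user"] in denied_users:
                findings.append(("high", f["user"], f"ran {f['cmd']} as root after earlier denial"))
            else:
                findings.append(("info", f["user"], f"ran {f['cmd']} as root"))
    return findings


def high_severity_users(findings):
    """Users with at least one high-severity finding, sorted for reporting."""
    return sorted({user for sev, user, _ in findings if sev == "high"})


if __name__ == "__main__":
    for sev, user, reason in analyze(SAMPLE_LOG):
        print(f"[{sev:6}] {user}: {reason}")
    print("investigate:", high_severity_users(SAMPLE_LOG and analyze(SAMPLE_LOG)))
```

On the constructed sample the script reports alice's routine package update as informational, bob's denied and failed sudo attempts as medium, and both bob's addition to the sudo group and his subsequent root shell as high, which is the sequence an investigator would want to see in one place rather than scattered across raw log lines.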
The work that is required to effectively defend your dealership from the cybercriminal is never-ending. Protecting against malicious privilege escalation is yet one more example of the ongoing efforts a proper cyber defense requires.