Cybersecurity: Attack and Defense Strategies

Vertical privilege escalation

Vertical privilege escalation is where the attacker has to grant higher privileges to himself or herself. It is a complex procedure, since the attacker has to perform some kernel-level operations to elevate their access rights.

Once the operations are done, the attacker is left with access rights and privileges that allow them to run any unauthorized code. The rights acquired using this method are those of a superuser, which are higher than those of an administrator.

Because of these privileges, an attacker can perform various harmful actions that not even an administrator can stop. In Windows, vertical escalation is used to cause buffer overflows that attackers use to execute arbitrary code. This type of privilege escalation was seen in WannaCry, an attack that took place in May 2017. WannaCry, a ransomware, caused devastation by encrypting computers in over 150 countries and demanding a ransom of $300 for decryption, an amount that would double after the second week. The interesting thing about it is that it used a vulnerability called EternalBlue, allegedly stolen from the NSA.

EternalBlue allowed the malware to escalate its privileges and run arbitrary code on Windows computers.

In Linux, vertical privilege escalation lets attackers run or modify programs on a target machine with root user privileges.