
Gaining Immunity to Privilege Escalation

Soviet intelligence would often recruit low-level military or industrial operatives during the Cold War and keep them in place over many years. They were promoted to increasingly senior positions with access to the most secret and potentially harmful material, like the famous ‘Cambridge spy ring’ in the UK. Playing the long game can be very advantageous in outwitting defenses.

Many cybersecurity attacks these days are characterized by a stealthy approach, especially the more sophisticated operations conducted by state actors. The methods of gaining initial admission to a system are well known. These include zero-day exploits, IT misconfigurations, coding errors and bugs, installation of malware through careless clicks or unauthorized hardware, phishing, social engineering, or brute-force cracking of passwords. Once inside the network, the attacker conducts reconnaissance to familiarize themselves with the security measures in place, blinding defenses by leaving no trace of intrusion and gaining privileges incrementally, both horizontally (across users with similar access) and vertically (stepping up to higher privileges). The target is the IT and cyber teams of an organization. If their accounts and privileges can be compromised, then secrets, including IP, financial data, customer details including credit cards and passwords, and digital assets are up for grabs.

So why, if privilege escalation is perhaps the most common and insidious type of first-step cyber attack, does it remain widespread despite massive investment globally in cybersecurity? History shows that the main factors determining the outcome in most battles were superior strategy and superior technology. The Conquistadors used their horses against the indigenous peoples of South America, while the Germans used their tanks against the Russian cavalry in World War I. The Russian cavalry, albeit haphazardly, had created a massive empire that encompassed three (almost) contiguous continents. Mechanization and new strategies swiftly overcame a once proud army.

The analogy with cybersecurity is clear. The fundamentals of any network or system are based on access privileges and permission mechanisms for managing and performing any operation within its systems and networks. This is baked into the architecture and construction of most modern computing. Once an attacker succeeds in gaining access, a dedicated and knowledgeable person or group has just as good a chance of overcoming your defenses as a German tank against a Russian horse.

Many attacks start with some form of social engineering. The baddies trick the goodies either into telling them their passwords or into installing, via clickbait, software that will deliver the same result (and probably significantly more). So rather than a complete overhaul of the existing defensive wall, much of the effort goes into training employees to be savvy and avoid the pitfalls of giving away credentials through negligence.

Other layers of protection have been added on the wise assumption that humans will always be fallible, and you are only as good as your weakest link. Extensive logging, for example, coupled with artificial intelligence trained on that log data, can detect anomalies in user account behavior. However, as we’ve already seen, lateral movement and horizontal privilege attacks can also allow malicious actors to gain sufficient information about a system to make their intrusion undetectable. Undoubtedly a combination of patches to the architecture is helpful, but ultimately it doesn’t contend with the fundamental problem: the hierarchical system of privileges relies on intelligent, honest, and diligent employees who demonstrate all those qualities all the time.

With its overall zero-trust strategy, HUB assumes that all authorization mechanisms have either been compromised or will be compromised. Zero-trust prohibits access to all data except what the user needs for the task at hand. However, if the attacker has managed to gain administrator privileges that allow them to delete logs or otherwise hide their access, then even zero-trust is ineffective.

HUB’s approach is layered but recognizes that anyone who has gained admin privileges has already overcome many of these layers and that an infallible final wall of defense is needed. To this end, we have developed an approach that represents a paradigm shift in system protection, albeit one based on ancient principles.

The Jewel House in the Tower of London was established in 1378 as a fortified vault within a fortified castle to house the Crown Jewels, relics of enormous value and symbolism. The Keeper of the Jewels had one key, and the second went to the Lord Treasurer. Later, in the 16th century, and following two attacks, an armed guard was set up to provide round-the-clock protection: the famous Yeoman of the Guard, or Beefeaters.

HUB replicates this by enclosing sensitive databases, critical business processes, sensitive services, encryption and signing, and other crown jewels in an HSM-level secured vault at the heart of the system.
But multiple Beefeaters need to gain entry to different rooms within the fortress. So HUB creates keys that will only open the doors they need to open, using handheld mini-HSM devices.

This allows for the following:

  • A crypto-based authentication model with a physical device in the user’s hands
  • Continuous verification of user activity via the device
  • Invocation of authentication via the physical device held by the admin for any configuration changes or updates to IT or security policies
  • Changes in hardware, updatable firmware, and security configurations without any other adjustments

Once running in HUB’s secure environment, any token that grants any level of privileges won’t help an attacker. Privileges are granted only via cryptographic approval based on the security device in the user’s hand. The requisite security mechanisms are built into HUB’s solution, which is based on the user’s security device and can be extended to the business-process level. The system manager defines the system’s critical processes and sensitive procedures, which can be limited to run only under the authentication and approval mechanisms set for each user’s device.
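The property described above, that a stolen session token grants no privilege because each sensitive procedure needs a fresh approval from the admin’s device, can be modelled in a few dozen lines. This is an added example, not HUB’s code: the mini-HSM is stood in for by a `Device` object holding a symmetric key that it shares only at enrolment (like a TOTP seed), whereas a real device would sign with a non-exportable private key and the vault would hold only its public key; the operation names and parameters are constructed for the illustration.

```python
import hashlib, hmac, json, secrets, time

class Device:
    def __init__(self, device_id):
        self.device_id = device_id
        self._key = secrets.token_bytes(32)  # constructed at enrolment, never exported afterwards
    def approve(self, msg):
        # A real device would display the operation to the admin before signing
        return hmac.new(self._key, msg, hashlib.sha256).digest()
    def verifier(self):
        # Symmetric model; an asymmetric device would hand over only a public key here
        key = self._key
        return lambda msg, sig: hmac.compare_digest(hmac.new(key, msg, hashlib.sha256).digest(), sig)

class Vault:
    TTL = 60  # seconds a challenge stays valid
    def __init__(self):
        self.devices, self.policy, self.pending, self.sessions = {}, {}, {}, set()
    def enrol(self, device, operations):
        self.devices[device.device_id] = device.verifier()
        for op in operations:  # which device must approve each sensitive procedure
            self.policy[op] = device.device_id
    def login(self):
        tok = secrets.token_hex(16)  # bearer token: grants a session, never a privilege
        self.sessions.add(tok)
        return tok
    @staticmethod
    def _encode(nonce, operation, params):
        return f"{nonce}|{operation}|{json.dumps(params, sort_keys=True)}".encode()
    def challenge(self, operation, params):
        """Bind a fresh single-use nonce to exactly this operation and its parameters."""
        nonce = secrets.token_hex(16)
        msg = self._encode(nonce, operation, params)
        self.pending[nonce] = (msg, time.time())
        return nonce, msg  # msg is what the device shows and signs
    def execute(self, session, operation, params, nonce, approval):
        if session not in self.sessions:
            return "denied: no session"
        entry = self.pending.pop(nonce, None)  # single use, so a replayed approval fails here
        if entry is None:
            return "denied: unknown or reused challenge"
        msg, issued = entry
        if time.time() - issued > self.TTL:
            return "denied: expired"
        if msg != self._encode(nonce, operation, params):
            return "denied: approval bound to a different operation"
        approver = self.policy.get(operation)
        if approver is None or not self.devices[approver](msg, approval):
            return "denied: no valid device approval"
        return f"executed {operation}"
```

With the vault enrolled, a caller that holds only a session token, or replays an earlier approval, or reuses an approval issued for a different operation, is refused; only a fresh signature from the enrolled device over the exact operation succeeds.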

Tradition has it that the Tower of London will crumble, along with the Jewel House within it, if the ravens that accompany the guards should ever fly away. We’re working on the ravens now, but in the meantime HUB’s unique protection solution allows you to regain control over your business-critical processes and digital assets.