The 5 Types of Privilege Escalation
Through our research we’ve identified five patterns of privilege escalation in the public cloud. Let’s review them below:
- Direct Self Escalation
This is when an identity can modify its own rights. Nothing further is needed: the identity already holds the permission to change what it is allowed to do, so it can, for example, attach an administrator policy to itself and then move freely through your environment.
- Indirect Escalation
This is where one identity can alter another identity's permissions or credentials and then act as that identity. For example, an AWS identity has permission to modify roles. It cannot read sensitive data itself, but it can grant another role the ability to read that data, assume the modified role, and reach its goal that way.
- Unintended Inheritance
This is usually a product of the complexity of a cloud environment: the web of rules, policies, trust relationships and permissions ends up granting access at a level nobody intended. For example, in Azure a security team may scope a VM's identity to least privilege at the resource level, but higher up the RBAC hierarchy, at the management group level, an assignment grants the application's developer group read access across the tenant. Azure role assignments are inherited by every child scope, so any principal covered by that assignment, including the VM's identity, can read data across the environment despite its narrow resource-level assignment.
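The first two patterns (direct self escalation and indirect escalation) can be found mechanically by asking, for each identity, whether it can rewrite its own permissions, or rewrite and then assume another role. The following is an added example, not tooling from the original article: a toy checker over constructed AWS-style IAM policies. The account number, principals, roles and policies are invented, and the evaluation is deliberately simplified (Allow statements only, no Deny or Condition handling, wildcards matched with `fnmatch`, and role assumption modelled as needing both an identity-policy `sts:AssumeRole` and a trust path).

```python
"""Toy detector for direct self escalation and indirect escalation over
constructed AWS-style IAM policy documents. Added example, not real account
data. Assumptions: Allow-only evaluation, no Deny/Condition handling, '*'
and '?' wildcards only."""
import fnmatch

ACCOUNT = "arn:aws:iam::111122223333"  # constructed account ARN prefix

# Constructed identity policies (invented principals and statements).
PRINCIPALS = {
    f"{ACCOUNT}:user/alice": [  # can attach any managed policy to herself
        {"Effect": "Allow", "Action": "iam:AttachUserPolicy",
         "Resource": f"{ACCOUNT}:user/alice"},
    ],
    f"{ACCOUNT}:user/bob": [  # cannot read reports, but can edit a role that could
        {"Effect": "Allow", "Action": ["iam:PutRolePolicy", "sts:AssumeRole"],
         "Resource": f"{ACCOUNT}:role/data-reader"},
    ],
    f"{ACCOUNT}:user/carol": [  # read-only, no escalation path
        {"Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::reports/*"},
    ],
    f"{ACCOUNT}:user/dave": [  # wildcard: iam:* on everything covers self-edit
        {"Effect": "Allow", "Action": "iam:*", "Resource": "*"},
    ],
}

# Constructed roles: which principals each role's trust policy already allows.
ROLES = {
    f"{ACCOUNT}:role/data-reader": {"TrustedPrincipals": [f"{ACCOUNT}:user/bob"]},
    f"{ACCOUNT}:role/deploy": {"TrustedPrincipals": []},
}

# Actions that rewrite the permissions of the identity named in Resource.
PERMISSION_WRITERS = {"iam:AttachUserPolicy", "iam:PutUserPolicy",
                      "iam:AttachRolePolicy", "iam:PutRolePolicy"}
# Actions that rewrite who may assume a role (its trust policy).
TRUST_WRITERS = {"iam:UpdateAssumeRolePolicy"}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def allows(statements, action, resource):
    """True if some Allow statement matches both the action and the resource."""
    for s in statements:
        if s.get("Effect") != "Allow":
            continue
        if any(fnmatch.fnmatchcase(action, a) for a in _as_list(s["Action"])) and \
           any(fnmatch.fnmatchcase(resource, r) for r in _as_list(s["Resource"])):
            return True
    return False


def direct_self_escalation(principal, statements):
    """Pattern 1: the identity can rewrite its own permissions."""
    return any(allows(statements, a, principal) for a in PERMISSION_WRITERS)


def indirect_escalation(principal, statements, roles=ROLES):
    """Pattern 2: roles the identity can grant new permissions to and then
    assume, either because it is already trusted or because it can rewrite
    the trust policy. Simplified: an identity-policy sts:AssumeRole is
    always required here."""
    reachable = []
    for role_arn, role in roles.items():
        can_modify = any(allows(statements, a, role_arn) for a in PERMISSION_WRITERS)
        has_trust = principal in role["TrustedPrincipals"] or \
            any(allows(statements, a, role_arn) for a in TRUST_WRITERS)
        can_assume = has_trust and allows(statements, "sts:AssumeRole", role_arn)
        if can_modify and can_assume:
            reachable.append(role_arn)
    return reachable


def audit(principals=PRINCIPALS):
    """Map each principal ARN to the escalation patterns available to it."""
    findings = {}
    for arn, statements in principals.items():
        f = {}
        if direct_self_escalation(arn, statements):
            f["direct_self_escalation"] = True
        roles = indirect_escalation(arn, statements)
        if roles:
            f["indirect_escalation_via"] = roles
        findings[arn] = f
    return findings


if __name__ == "__main__":
    for arn, f in audit().items():
        print(arn, f or "no escalation path found")
```

Running it flags alice (she can attach policies to herself) and dave (his `iam:*` on `*` matches the same self-edit actions), while bob is reported as able to reach `role/data-reader` by rewriting its inline policy and then assuming it; carol has no path. A real audit would also have to evaluate Deny statements, conditions, permission boundaries and cross-account trust, which this toy skips.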
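The third pattern comes down to one rule of Azure RBAC: a role assignment applies at its scope and at every child scope beneath it (management group, subscription, resource group, resource). The following is an added example, not tooling from the original article: a toy resolver that walks that hierarchy for a constructed tenant and reports which assignment is responsible for a principal's access at a given scope. The management group names, subscriptions, group membership and role assignments are invented for the illustration.

```python
"""Toy resolver for unintended inheritance in Azure RBAC. Added example over a
constructed tenant layout, not real tenant data. Rule modelled: an assignment
at a scope is inherited by every child scope."""

MG_PREFIX = "/providers/Microsoft.Management/managementGroups/"

# Constructed hierarchy: management-group nesting and subscription placement.
MG_PARENT = {"corp": None, "corp-prod": "corp", "lab": None}
SUBSCRIPTION_MG = {"sub-app": "corp", "sub-finance": "corp-prod", "sub-lab": "lab"}

# Constructed group membership: the VM's managed identity sits in the dev group.
GROUP_MEMBERS = {"app-devs": {"alice", "vm-identity"}}

# Constructed role assignments: (principal, role, scope).
VM_INTENDED_SCOPE = ("/subscriptions/sub-app/resourceGroups/app-rg/providers/"
                     "Microsoft.Storage/storageAccounts/applogs")
ASSIGNMENTS = [
    # Intended least privilege: the VM may read one storage account in its RG.
    ("vm-identity", "Storage Blob Data Reader", VM_INTENDED_SCOPE),
    # The wide one: Reader for all app devs, set at the top management group.
    ("app-devs", "Reader", MG_PREFIX + "corp"),
]


def ancestor_mgs(mg):
    """A management group and all of its parents, nearest first."""
    chain = []
    while mg is not None:
        chain.append(mg)
        mg = MG_PARENT.get(mg)
    return chain


def scope_contains(parent, child):
    """True if an assignment made at `parent` is inherited at `child`.
    Azure resource IDs are compared case-insensitively."""
    parent, child = parent.lower(), child.lower()
    prefix = MG_PREFIX.lower()
    if parent.startswith(prefix):
        mg = parent[len(prefix):]
        if child.startswith(prefix):                 # MG -> nested MG
            return mg in ancestor_mgs(child[len(prefix):])
        if child.startswith("/subscriptions/"):      # MG -> subscription subtree
            sub = child.split("/")[2]
            return mg in ancestor_mgs(SUBSCRIPTION_MG.get(sub))
        return False
    # subscription / resource group / resource: plain path-prefix containment
    return child == parent or child.startswith(parent + "/")


def principals_for(principal):
    """The principal itself plus every group it belongs to."""
    return {principal} | {g for g, m in GROUP_MEMBERS.items() if principal in m}


def effective_roles(principal, target_scope, assignments=ASSIGNMENTS):
    """Roles `principal` holds at `target_scope`, mapped to the granting scope."""
    holders = principals_for(principal)
    roles = {}
    for who, role, scope in assignments:
        if who in holders and scope_contains(scope, target_scope):
            roles[role] = scope
    return roles


def unintended_inheritance(principal, intended_scope, assignments=ASSIGNMENTS):
    """Assignments that reach `principal` from a scope strictly wider than the
    one its owners meant to grant at; each is a candidate for review."""
    holders = principals_for(principal)
    return [(who, role, scope) for who, role, scope in assignments
            if who in holders and scope.lower() != intended_scope.lower()
            and scope_contains(scope, intended_scope)]


if __name__ == "__main__":
    vault = ("/subscriptions/sub-finance/resourceGroups/finance-rg/providers/"
             "Microsoft.KeyVault/vaults/payroll")
    print("vm-identity at payroll vault:", effective_roles("vm-identity", vault))
    print("wider than intended:", unintended_inheritance("vm-identity", VM_INTENDED_SCOPE))
```

The VM identity was only ever assigned a reader role on one storage account, yet the resolver shows it holding `Reader` on a Key Vault in a different subscription, traced back to the `app-devs` assignment at the `corp` management group two levels up; a subscription under the unrelated `lab` management group is untouched. The same walk, applied to every identity against its intended scope, is the check to run before trusting a resource-level least-privilege assignment.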