Mitigating Privilege Escalation Attack by User Behaviour Analysis and Threat Hunting

The phrase “Trust no one; Verify everyone” is the best fit to describe the cyber world. With data becoming the most valuable asset, the need for organizations to be extra vigilant about their security posture is also increasing.

Cyber fraudsters are outpacing organizations with the latest intrusion techniques, bringing up the need for on-time threat detection and proactive threat hunting. In addition, testing security posture and analysing user activity with User Behaviour Analysis are two crucial activities to build a robust security posture.

Keeping up the fact that cyber attackers are inevitable, entities must be prepared enough to fight against cyberattacks with high-end SIEM solutions. A robust Security Information and Event Management (SIEM) can monitor security networks 24*7*365, detect suspicious activities, and mitigate threats timely.

The case study narrates how an adversary used brute force attempts and started privilege escalation, one of the most infamous techniques used by cyber attackers to perform data breach menace. Privilege escalation involves a malicious user of an account or application attempts to escalate user privileges by intruding into other user account or application.

After discussing the privilege escalation attack, the case study unfolds how SISA’s threat hunting team appended User Behaviour Analysis to threat hunting and correlated events to detect and mitigate privilege escalation attack, that could have caused great damage to the organization.