Playbook Battle Card: GSPBC-1023 – Privilege Escalation – Exploitation for Privilege Escalation

How To Protect Against Privilege Escalation Attacks:

Create strong passwords and change them regularly. This simple action can lower the risk of privilege escalation cyberattacks. If all administrator accounts have a strong password, hackers will struggle to take control of those accounts.

You can also protect against privilege escalation cyberattacks by monitoring login requests. Hackers may gain access by performing a brute force attack. By watching login requests, you can see which users are attempting to log in, how many attempts they've made, and other potential indicators of compromise.
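One way to implement the login monitoring described above, as an added example that is not GuardSight's own code: it counts attempts per user and flags a burst of failed logins and any success that follows one. The log format, the sample events and the thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events; "timestamp user source result" is an assumed format.
SAMPLE_LOG = """\
2024-05-01T10:00:01 alice 198.51.100.10 OK
2024-05-01T10:02:00 admin 203.0.113.7 FAIL
2024-05-01T10:02:05 admin 203.0.113.7 FAIL
2024-05-01T10:02:09 admin 203.0.113.7 FAIL
2024-05-01T10:02:14 admin 203.0.113.7 FAIL
2024-05-01T10:02:20 admin 203.0.113.7 FAIL
2024-05-01T10:02:31 admin 203.0.113.7 OK
2024-05-01T10:30:00 bob 198.51.100.22 FAIL
2024-05-01T11:45:00 bob 198.51.100.22 FAIL
2024-05-01T11:45:30 bob 198.51.100.22 OK
"""

def review_logins(log_text, max_failures=5, window=timedelta(minutes=5)):
    """Return (attempt counts per user, alerts) for a block of login events."""
    attempts = defaultdict(lambda: {"OK": 0, "FAIL": 0})
    recent_failures = defaultdict(deque)  # user -> failure times inside the window
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue  # ignore malformed lines instead of aborting the review
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        user, src, result = parts[1:]
        attempts[user][result] += 1
        fails = recent_failures[user]
        while fails and ts - fails[0] > window:
            fails.popleft()  # drop failures older than the window
        if result == "FAIL":
            fails.append(ts)
            if len(fails) == max_failures:
                alerts.append((user, src, "failure burst"))
        else:
            if len(fails) >= max_failures:
                # A login that succeeds right after a burst may be a guessed password.
                alerts.append((user, src, "success after failure burst"))
            fails.clear()
    return dict(attempts), alerts

if __name__ == "__main__":
    counts, alerts = review_logins(SAMPLE_LOG)
    print(counts, alerts, sep="\n")
```

The second alert type is the one to escalate first, since a successful login after a failure burst is the activity most likely to precede an escalation attempt.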

  1. Monitor for:
    1. Unusual DNS activity
    2. Antivirus/Endpoint alerts
    3. IDS/IPS alerts
  2. Activity preceding and following escalation attempts may produce detectable IOCs
  3. Investigate and clear all alerts associated with the impacted assets

Please Contact Us anytime if you have any questions about how GuardSight can help defend critical assets against cybersecurity threats, improve cybersecurity posture, and reduce overall risk.

