Editing Computer security (section)

===Privilege escalation===
[[Privilege escalation]] describes a situation where an attacker with some level of restricted access is able to, without authorization, elevate their privileges or access level.<ref name="Privilege escalation">{{Cite web |title=What is Privilege Escalation? – CrowdStrike |url=https://www.crowdstrike.com/cybersecurity-101/privilege-escalation/ |access-date=2023-12-07 |website=crowdstrike.com |language=en}}</ref> For example, a standard computer user may be able to exploit a [[Vulnerability (computing)|vulnerability]] in the system to gain access to restricted data; or even become ''[[superuser|root]]'' and have full unrestricted access to a system. The severity of attacks can range from attacks simply sending an unsolicited email to a [[Ransomware|ransomware attack]] on large amounts of data. Privilege escalation usually starts with [[Social engineering (security)|social engineering]] techniques, often [[phishing]].<ref name="Privilege escalation" />

Privilege escalation can be separated into two strategies, horizontal and vertical privilege escalation:

* Horizontal escalation (or account takeover) is where an attacker gains access to a normal user account that has relatively low-level privileges. This may be through stealing the user's username and password. Once they have access, they have gained a ''foothold'', and using this foothold the attacker then may move around the network of users at this same lower level, gaining access to information of this similar privilege.<ref name="Privilege escalation" />
* Vertical escalation however targets people higher up in a company and often with more administrative power, such as an employee in IT with a higher privilege. Using this privileged account will then enable the attacker to invade other accounts.<ref name="Privilege escalation" />