Over half of insider threats involved privilege escalation flaws

Exploitation of privilege escalation vulnerabilities accounted for 55% of insider threats from January 2021 to April 2023, while the remainder of threats involved offensive tool misuse, reports BleepingComputer. Threat actors have mostly leveraged the Windows privilege escalation flaw, tracked as CVE-2023-0213, the DirtyPipe Linux kernel pipe operations flaw, tracked as CVE-2022-0847, the PwnKit Linux flaw, tracked as CVE-2021-4034, the Linux bug, tracked as CVE-2019-13272, and Windows kernel mode driver win32k.sys-targeting bugs, tracked as CVE-2015-1701 and CVE-2014-4113, to facilitate insider attacks, according to a CrowdStrike report. The findings also showed that disorderly exploit testing, inappropriate offensive security tool execution, insecure code downloads, and other unintended risks have stemmed from almost 50% of insider incidents during the study period, with some of the risks caused by exploit testing on production workstations. Researchers also found that insider incidents have resulted in corporate losses amounting to $648,000 and $485,000 on average for malicious and non-malicious incidents, respectively.