At the Black Hat USA conference, cybersecurity researcher Michael Bargury demonstrated the vulnerabilities of Microsoft’s artificial intelligence assistant Copilot – potential attackers could use it for cyberattacks. His project indicates that organizations should review security policies when using AI technologies, including Copilot.
Image source: Ivana Tomášková / pixabay.com
Bargouri identified several methods by which attackers can use Microsoft Copilot to carry out cyberattacks. Copilot plugins, in particular, allow you to install backdoors that can be exploited when other users work with AI, and also serve as an aid in carrying out attacks that involve social engineering methods.
Using query injection, a hacker modifies the AI’s responses to suit his goals, allowing him to secretly search and extract data, bypassing standard file and information security measures. AI has also proven to be an effective weapon in social engineering attacks – Copilot can be used to create convincing phishing emails and prepare other methods of interacting with potential victims from whom a cybercriminal is trying to obtain sensitive information.
To demonstrate these vulnerabilities, Bargouri created LOLCopilot, a tool designed for ethical hackers that runs on any Microsoft 365 Copilot-enabled client using default configurations. Cybersecurity specialists can use it to explore scenarios for exploiting Copilot vulnerabilities to steal data and launch phishing attacks.
The developer points out that Microsoft Copilot’s existing default security settings are not effective enough to prevent these attacks. The availability of a tool to access and process large amounts of data demonstrates the risk involved in operating AI systems. The researcher recommends implementing additional security measures, including multi-factor authentication and strict data access control. Additionally, employees need to be educated about the risks associated with AI and have comprehensive incident response protocols in place.
Image Source: Mediatonic Among the available formats are team deathmatch, every man for himself, and…
Seasonic has released the PRIME PX-2200 2200 W power supply. The new product was first…
The ability of modern automation to control vehicles without human intervention is limited by a…
GPUs, originally created for creating three-dimensional images, have performed well in the field of accelerating…
South Korean electronics maker Samsung Display plans to invest $1.8 billion this year to build…
More and more users are complaining about problems with the responsiveness of the iPhone 16…