In this last installment of our miniseries, we examine the potential risks associated with Microsoft Copilot. Learn about the different ways attackers could exploit Copilot to gain unauthorized access, distribute misinformation, and perform harmful actions. This article underscores the importance of robust access controls, real-time monitoring, and ethical AI considerations in mitigating these threats » READ MORE

A joint report from CISA, the FBI and DOD cybercrime division, highlight the continue stream of attack from Iran-based cyber actors known as Pioneer Kitten (or UNC757 or Rubidium or Lemon Sandstorm) has successfully created different persons on the criminal underground which is reselling access to affiliate of known ransomware groups such as Alpha, NoEscape or RansomHouse. This blur the line between nation states groups and the cyber criminal potentially raising some interesting questions.

The recent Google Chrome zero-day have been attributed to a hacking group named Citrine Sleet linked to the North Korean government. Microsoft provided more information in a detailed report.

An interesting article from Netcraft on the use of GenAI to create content for fraudulent websites. No big surprise here if you ask me as I have mentioned multiple time that social engineering and scamming will be the first threats to get the GenAI augmentation.

I had no time to do more coding recently, but a new tool named Cursor seems to be gaining traction. Definitely something to check out.

Basic controls matters more than you think. This will 100% compound on existing security challenges. I’m very curious to see how it will go in practice.

Insider threat might just have updated. The ability to create spear phishing attack or poison Copilot might become a key problem and something new that insider threat program needs to look at.

At the time of writing, Microsoft security controls and monitoring tools are not yet available in all regions and most of those are still in “preview”. You might need to look at other controls mechanisms to ensure you have visibility on what’s going on.

Scenario: An attacker (insider or external) gain access to a compromised account and uses Copilot to craft highly personalized phishing emails by analyzing past interactions, emails, and messages. The attacker can ask Copilot to identify top collaborators, gather details about recent communications, and create a convincing phishing email that is more likely to be successful due to its personalized nature.

Impact: This could lead to unauthorized data disclosure and potentially support lateral movement.

Security Challenge:

» Read more

Scenario: An attacker embeds malicious instructions within a document or file that is shared within the organization. When Copilot accesses this document, the embedded instructions could manipulate Copilot into performing unintended actions, such as disclosing sensitive information, altering data, or executing unwanted commands.

Impact: This could lead to unauthorized data disclosure, corruption of critical information, or even automated actions that could disrupt business operations.

Relevant Security Controls:

» Read more

Scenario: An attacker creates a poisoned document designed to be retrieved by Copilot during a query. The document is crafted to contain misleading or false information that, when retrieved, causes Copilot to provide incorrect or harmful outputs, such as false financial data or misleading business advice.

Impact: This could lead to poor decision-making based on incorrect information, financial losses, or damage to the organization's reputation.

Relevant Security Controls:

» Read more

Scenario: Through the “ConfusedPilot” vulnerability, an attacker manipulates Copilot into leaking sensitive corporate secrets or performing unauthorized actions by confusing the AI into acting on data it should not have access to. This could involve seeding malicious documents that Copilot then retrieves and acts upon, even if those documents should be restricted.

Impact: The attacker could extract sensitive information, such as confidential reports or proprietary data, or cause Copilot to perform actions that compromise the integrity and confidentiality of the organization’s operations.

Relevant Security Controls:

» Read more

Scenario: A vulnerability within Copilot could potentially allow an attacker to execute arbitrary code within the organization’s environment. This might occur through the manipulation of Copilot's interaction with other integrated applications or through crafted prompts that exploit security flaws within the system.

Impact: Successful exploitation could lead to complete control over the affected systems, allowing the attacker to deploy malware, steal data, or disrupt services within the enterprise.

Relevant Security Controls:

» Read more

Scenario: Temporary misconfigurations in access controls could lead to situations where Copilot has access to documents or data that it normally should not. Even after the misconfiguration is corrected, Copilot might retain cached information from that period, which could then be used inappropriately.

Impact: This could result in sensitive data being exposed to unauthorized users, leading to potential data breaches or unauthorized disclosure of confidential information.

Relevant Security Controls:

» Read more

Scenario: An insider or external attacker could use Copilot to generate and distribute misinformation or disinformation across the organization. By feeding Copilot manipulated or false data, the attacker can create misleading reports, summaries, or communications that could influence decision-making.

Impact: This can undermine trust within the organization, lead to misguided business strategies, or cause operational disruptions.

Relevant Security Controls:

Nearly 90% of organizations are actively implementing or exploring LLM use cases.

Only about 5% of organizations express high confidence in their GenAI security frameworks.

86% have moderate to low confidence in existing security measures.

38% of respondents are highly concerned about GenAI/LLM vulnerabilities.

91% of respondents indicated no GenAI/LLM vulnerabilities in the past year.

Most reported vulnerabilities include biased outputs, data leakage, and misuse of AI outputs.

44% addressed vulnerabilities immediately, within 24 hours.

61% of organizations have implemented access control mechanisms.

32% of respondents lack formal GenAI/LLM security policies.

73% of respondents identified ensuring data privacy as a significant risk.

The Complementarity Principle emphasizes human-machine collaboration for optimal long-term results.

State-machine-driven systems significantly reduce the need for human intervention.

Effective automation mimics human methodology and uses the same tools.

Collaborative automation enhances human skills, focusing on big-picture optimization.

Automating repetitive tasks allows humans to focus on creative work and system improvement.

Complementarity Principle-based automation maintains continuous human learning and growth.

Human improvisation and judgment are essential for effective debugging.

Machines excel at repetitive, precise, and 24/7 tasks, while humans excel at interpretation and improvisation.

Shared control between humans and automation ensures system effectiveness and learning.

The Leftover Principle results in increasingly difficult and rarer tasks left for humans.

AI indistinguishability and scalability increase online deception.

Current countermeasures like CAPTCHAs are inadequate.

'Personhood credentials' (PHCs) can verify humans without revealing personal info.

PHCs can reduce sockpuppeting, bot attacks, and misleading agents.

PHCs must balance privacy and trustworthiness.