Covert Multistage Cyberattack Strikes Copilot with a Single Click
Microsoft has recently addressed a significant vulnerability in its Copilot AI assistant. This flaw allowed malicious actors to extract sensitive user information with a single click on a URL. Notably, this exploit was uncovered by ethical hackers from the security firm Varonis.
Overview of the Cyberattack
The multistage cyberattack facilitated the exfiltration of critical data such as user names, locations, and event details from the Copilot chat history. Alarmingly, the attack persisted even after users closed the Copilot chat. This meant that no further interaction was necessary after users clicked the malevolent link in an email.
Bypassing Security Measures
This sophisticated attack managed to bypass enterprise endpoint security measures and evaded detection from endpoint protection applications. Dolev Taler, a security researcher at Varonis, explained the exploit, stating, “Once we deliver this link with this malicious prompt, the user just has to click on the link and the malicious task is immediately executed.”
Mechanics of the Exploit
The vulnerability stemmed from a URL that directed to a Varonis-controlled domain. A series of instructions, tagged as a ‘q’ parameter, were appended. Most large language models (LLMs), including Copilot, utilize this parameter to process URLs in user prompts.
- Attack Method: Upon clicking the link, the parameter prompted Copilot Personal to embed personal details into web requests.
- Instructions Extracted: The crafted prompt contained multiple directives, including:
- Change variables before proceeding with the URL.
- Ensure accuracy in results and repeat function calls for validation.
- Present a riddle to entice the user into participation.
Outcome of the Attack
This specific prompt successfully extracted a user secret, “HELLOWORLD1234!”, which was then dispatched to the Varonis-controlled server. The assault didn’t end there; further disguised instructions embedded within a .jpg file sought additional details, including the user’s name and location.
As companies become increasingly reliant on AI assistants like Copilot, understanding and mitigating cybersecurity vulnerabilities is vital. Ensuring that weaknesses are addressed can prevent potential data breaches that threaten personal and organizational security.
