Sensitive user data in Microsoft 365 Copilot could be compromised through a new attack technique, ASCII Smuggling, aimed at an already patched security flaw, SC Media reports.
According to cybersecurity researcher Johann Rehberger, ASCII Smuggling makes it possible to obfuscate data in the user interface while including malicious hyperlinks that allow data exfiltration. Sectigo's Jason Soroko noted that the attacks involve prompt injection triggered by a malicious document and manipulation of data searches in Copilot, after which targets are lured into clicking the hyperlink, which could facilitate theft of multi-factor authentication codes.
Such an attack technique indicates the mounting advances in artificial intelligence-enabled intrusions, which should prompt the adoption of more sophisticated cybersecurity tools that allow threat detection across several platforms, noted SlashNext Email Security Field Chief Technology Officer Stephen Kowski.
"Additionally, continuous employee education on emerging threats and the implementation of strict access controls and data loss prevention measures are crucial in mitigating the risks posed by these innovative attack vectors," Kowski added.
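One data loss prevention check for the hidden-data technique described above, as an added example that is not from the SC Media report or the researcher's own material: it finds, decodes and strips invisible characters in text and Markdown links before they are displayed or logged. It assumes the hidden data uses Unicode Tags block code points (U+E0000 to U+E007F), a detail this brief does not spell out; the function names and the sample string are constructed for illustration.

```python
import re

# Assumption (not stated in the brief): hidden text is carried in the Unicode
# Tags block. U+E0020..U+E007E mirror printable ASCII and render as nothing.
TAG_RUN = re.compile("[\U000E0000-\U000E007F]+")
MD_LINK = re.compile(r"\[([^\]]*)\]\(([^)\s]+)\)")


def reveal_hidden(text):
    """Return (offset, decoded_ascii) for every run of tag characters."""
    findings = []
    for m in TAG_RUN.finditer(text):
        decoded = "".join(
            chr(ord(ch) - 0xE0000) if 0xE0020 <= ord(ch) <= 0xE007E else "?"
            for ch in m.group()
        )
        findings.append((m.start(), decoded))
    return findings


def sanitize(text):
    """Strip tag characters so stored or sent text matches what is displayed."""
    return TAG_RUN.sub("", text)


def audit_links(markdown):
    """Flag Markdown links whose label or URL carries invisible characters."""
    flagged = []
    for m in MD_LINK.finditer(markdown):
        hidden = reveal_hidden(m.group(1)) + reveal_hidden(m.group(2))
        if hidden:
            flagged.append({
                "url": sanitize(m.group(2)),
                "hidden": [decoded for _, decoded in hidden],
            })
    return flagged


# Constructed sample: a link that looks ordinary on screen but whose URL
# ends with seven invisible tag characters spelling "test=42".
SAMPLE = (
    "See the [quarterly summary](https://example.test/r?id=7"
    "\U000E0074\U000E0065\U000E0073\U000E0074\U000E003D\U000E0034\U000E0032"
    ") for details."
)

if __name__ == "__main__":
    for hit in audit_links(SAMPLE):
        print("suspicious link:", hit["url"], "hidden payload:", hit["hidden"])
```

Running the same check on assistant output and on inbound documents covers both the rendered hyperlink and the document-borne input the brief mentions.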