
How Threat Actors Use Copilot

Written by Hornetsecurity / 16.10.2024


In this episode of the Security Swarm Podcast, host Andy Syrewicze and guest Philip Galea discuss the security implications of Microsoft’s AI assistant Copilot, which is integrated into the Microsoft 365 suite. They explore how Copilot’s ability to surface information from an organization’s Microsoft 365 data can create significant security risks, especially for companies that lack the operational maturity to properly manage permissions and access controls.

The discussion also covers Microsoft’s reactive approach to security in some of its products, where default settings are often not secure enough and the company is slow to address the resulting issues. The host and the guest emphasize the need for organizations to take a proactive approach to security, continuously reviewing and updating their security posture to mitigate the risks posed by Copilot and other Microsoft 365 features.

The episode also introduces Hornetsecurity’s Tenant Manager tool, which aims to help organizations better manage and enforce their Microsoft 365 security settings, providing a centralized and automated way to ensure that their environments are configured according to best practices.  

Do you want to join the conversation? Join us in our Security Lab LinkedIn Group

Key Takeaways: 

  • Copilot makes it easy for nosy or malicious insiders to quickly surface sensitive information that they may not have proper access to.

  • Copilot could be abused by threat actors who compromise a user account with an active Copilot license, allowing them to easily gather intelligence and move laterally within the organization. 

  • Microsoft’s default security settings and permissions in Microsoft 365 are often too open, creating challenges for organizations to properly secure their data.

  • Jailbreaking Copilot to bypass its security restrictions is an ongoing concern, as it could allow users to access restricted information.

  • Solutions like sensitivity labels and disabling search on sensitive SharePoint sites have significant drawbacks and may not be practical for many organizations.

  • Tools like Hornetsecurity’s Permission Manager and Tenant Manager can help organizations better manage and enforce security policies across Microsoft 365.

  • Continuous security awareness and training for employees are crucial to mitigate the risks posed by Copilot and other AI-powered tools.

Timestamps: 

(04:37) Challenges with managing permissions and sharing in Microsoft 365  

(11:20) Microsoft’s history of security-related missteps and reactive responses  

(16:17) Attempts to jailbreak Copilot and bypass its security restrictions  

(21:08) Insider threat scenarios enabled by Copilot’s data surfacing capabilities  

(23:40) Threat actor scenarios and the potential impact of a compromised Copilot-enabled account  

(34:16) Hornetsecurity’s 365 Permission Manager and 365 Multi-Tenant Manager for MSPs as solutions for managing Microsoft 365 security

Episode Resources: 

Andy and Phil’s first episode on SharePoint permissions

365 Multi-Tenant Manager

— 

As an MSP, managing security and compliance policies across multiple Microsoft 365 tenants can be a complex and time-consuming task. The new 365 Multi-Tenant Manager for MSPs from Hornetsecurity provides a centralized solution to easily configure, enforce and monitor security settings across all your clients’ environments.  

With 365 Multi-Tenant Manager, you can:  

  • Quickly create and apply security baseline policies to new and existing tenants

  • Automatically remediate configuration drift to ensure continuous compliance

  • Monitor policy adherence and receive alerts on risky changes

  • Streamline Microsoft 365 administration and reduce your clients’ security risks

Stop juggling multiple portals and start taking control of your clients’ Microsoft 365 security. Try the 365 Multi-Tenant Manager for MSPs and simplify your Microsoft 365 management. Schedule a demo today to learn more.

— 

Streamline your Microsoft 365 security with 365 Permission Manager – the tool that provides visibility, control, and automated remediation of SharePoint, OneDrive, and Teams permissions. Take back control of your data and protect against insider threats and external breaches. 
