Cloud App Adoption: Enterprise users in Insurance regularly interact with an average of 24 cloud apps each month. Microsoft apps including OneDrive, Teams, SharePoint, and Copilot are very popular.
Cloud App Abuse: In Insurance, the top three most popular apps abused to deliver malware were GitHub, OneDrive, and SharePoint.
Malware & Ransomware: Among the top malware families identified were Grandoreiro banker Trojan and AgentTesla Infostealer.
Cloud apps are ubiquitous in the enterprise, with the average user interacting with 24 different cloud apps every month. The top six apps make it clear the big preference for Microsoft apps in the Insurance industry. These specific apps were not only the most used, but also cover a big variety of functionalities such as storage, email, and messaging.
Apps like Microsoft Teams, OneDrive, and SharePoint are common in most industries, but Insurance stands out with Microsoft apps dominating the top six.
With so many cloud apps in use, especially the combinations of enterprise and personal apps, it underscores the importance of organizations in Insurance having policies to ensure the safe handling of sensitive data.
Because adversaries deliver malware through many different channels, organizations in Insurance must ensure that they have security controls to block malware downloads over the most popular apps. Approximately half of all global HTTP/HTTPS malware downloads originate from popular cloud apps, with the other half originating from different locations on the web. This section highlights the apps with the most malware downloads that were blocked by Netskope over the past year.
The most popular apps around the world are also among the top apps in terms of the number of malware downloads, reflecting adversary tactics (adversaries tend to abuse top apps because of their popularity), user behavior (users interact with popular apps more frequently), and organizational policy (organizations tend to allow popular apps). The top two apps with the most malware downloads, GitHub and OneDrive, have very similar numbers in terms of malware downloads.
This list contains the top five malware and ransomware families detected by Netskope targeting users in Insurance over the last 12 months:
This report highlights increasing cloud adoption, including increased data uploaded to, and downloaded from, various cloud apps. It also highlights an increasing trend of attackers abusing various cloud apps, especially popular enterprise apps, to deliver malware (mostly Trojans) to their victims. Netskope Threat Labs recommends organizations in Insurance review their security posture to ensure that they are adequately protected against these trends:
Staffed by the industry’s foremost cloud threat and malware researchers, Netskope Threat Labs discovers, analyzes, and designs defenses against the latest cloud threats affecting enterprises. Our researchers are regular presenters and volunteers at top security conferences, including DefCon, BlackHat, and RSA.
Netskope provides threat protection to millions of users worldwide. Information presented in this report is based on anonymized usage data collected by the Netskope One platform relating to a subset of Netskope customers with prior authorization.
This report contains information about detections raised by Netskope’s Next Generation Secure Web Gateway (SWG), not considering the significance of the impact of each individual threat. Stats in this report are based on the period starting May 1, 2023 through April 30, 2024. Stats are a reflection of attacker tactics, user behavior, and organization policy.
In the monthly Netskope Threat Labs Report, you will find the top 5 malicious domains, malware, and apps that the Netskope Security Cloud platform blocked plus recent publications and a threat roundup.
Back 
