In our latest thrilling installment of “The Cloud Chronicles,” Netskope’s Threat Labs delivers another gripping tale of digital doom and gloom. This January 2025 report reads like the screenplay for a high-tech disaster movie, featuring everyone’s favorite antagonists: cybercriminals.
Spoiler alert: the cloud is their playground, and it’s not exactly what we’d call “secure.” From data breaches to malware campaigns, the hits just keep on coming. And if you thought that moving to the cloud was like finding a utopian paradise, you might want to think again. It turns out, those fluffy digital clouds have more in common with stormy weather.
Among the many highlights (if you can call them that), the report dives into the nuances of how these digital delinquents have fine-tuned their tactics. In a turn of events that would make even the most hardened IT professional shudder, malicious actors have embraced the cloud for its cost-effectiveness and convenience. Irony much?
In the murky waters of cyber threats, Microsoft stands out—not exactly by choice, but because it’s the most targeted brand among cloud apps. Cybercriminals have a particular fondness for Microsoft Live and 365 credentials, making them their prime targets. Other brands, like Yahoo and AOL, also get their share of unwanted attention, with attackers explicitly aiming for their login credentials.
However, things take an even more cunning turn with Adobe and DocuSign. Attackers use these brands not just to steal Adobe and DocuSign credentials but to trick victims into surrendering credentials for a variety of services. They even provide a catch-all “other” option for victims to enter any email address and password. It’s phishing with a buffet menu.
Why is Microsoft such a hot target? It’s simple: Microsoft 365 is the kingpin of productivity suites. Its vast user base makes it a juicy target, hence the staggering statistic that roughly 75% of phishing attempts end up aimed at Microsoft credentials.

In essence, while other brands aren’t off the hook, Microsoft’s popularity ensures it remains the most desirable target for these digital miscreants. It’s a tough job being on top.
Other notable facts found in the report include:
The top targets for phishing campaigns that users clicked on in 2024 were cloud applications, representing over one-quarter of the clicks. Attacker objectives vary depending on the target:
- Cloud – Attackers aim to sell stolen account access on illicit marketplaces, where the buyer will use it for business email compromise, to steal data, or to pivot to other more high-value victims.
- Banking – Banking institutions are targeted for financial fraud.
- Telco – Telecommunication providers are targeted for fraud or to sell access to stolen accounts.
- Social Media – Social media accounts can be used by low-level actors to propagate scams and spread malware or by sophisticated adversary groups to spread disinformation and misinformation.
- Government – The most common government phishing target is the Internal Revenue Service in the United States, where financial information is requested to pay out a tax refund.
Moving beyond attacks to what may facilitate future attack vectors, the report discusses Personal App Risks, which now includes a section for AI apps and offers us a bit of insight into AI adoption and use among the largest providers of large language models.
Generative AI app usage saw a significant rise throughout 2024, reflected in three key metrics. Organization adoption surged, with 94% of organizations now using genAI apps, up from 81% the previous year. Although this growth has slowed as adoption nears 100%, it is expected to reach 96% by the end of 2025, particularly in industries like banking, government, and education. User counts tripled over the past year, from 2.6% to 7.8% in the average organization.
Top sectors, such as retail and technology, saw over 13% of employees using these apps. This trend is anticipated to continue, with user counts potentially doubling in 2025, even as banking remains a laggard with only 3% adoption. App adoption also increased, with organizations now using an average of 9.6 genAI apps, up from 7.6. The surge was driven by the popularity of apps like Google Gemini, Microsoft Copilot, Perplexity AI, and GitHub Copilot, though ChatGPT and Grammarly maintain their top positions.
However, the personal use of genAI apps poses significant data security risks, with common violations involving source code, regulated data (such as personal, financial, or healthcare data), intellectual property, and passwords. To manage these risks, organizations employ various controls, including blocking, coaching, and data loss prevention (DLP) measures. Blocking remains effective for non-business apps, with 73% of organizations blocking at least one app.
With that being said, Microsoft once again crops up as a major security weed, thanks in part to its relative level of AI growth.
The following figure shows the time series of the adoption of the top 10 apps over the past year, with ChatGPT, Google Gemini, and Perplexity AI increasing by approximately 20 percentage points over the year. The only two apps with more substantial gains were Microsoft Copilot and GitHub Copilot, new offerings from Microsoft, which both saw substantial growth immediately following general availability. Their growth rates have since slowed, but both apps are still poised to continue their rise into 2025. All of the genAI apps in the top ten saw their adoption increase by at least six percentage points in the past year and will continue to make additional gains in 2025.
Netskope – Cloud and Threat Report: January 2025

Highly regulated industries like banking and healthcare block the most apps, while sectors like retail and technology block the fewest. Despite the rising usage and associated risks, 99% of organizations have implemented controls to manage genAI data security, ensuring a cautious yet progressive approach to this rapidly evolving technology.
This isn’t just a cautionary tale, it’s a clarion call to wake up and smell the malware. While you’re busy sipping your coffee and daydreaming about a secure digital future, the cyber adversaries are already ten steps ahead, plotting their next strike.
So, what’s the takeaway here? Trust nothing, verify everything, and remember that even in the cloud, there’s no silver lining without a bit of storm.
For those brave enough to face the full report, check out Netskope’s latest findings and keep your digital umbrellas at the ready. It’s going to be a bumpy ride.


