Cloud and Threat Report: 2025

This report explores key trends in four areas of cybersecurity risk facing organizations worldwide: adversarial risk, social engineering risk, personal app risk, and genAI app risk. It also highlights the strategies organizations use to manage these risks.

In This Report

                                      • Social engineering risk – Phishing is on the rise globally, with 8.4 out of every 1,000 users clicking a phishing link per month, nearly triple last year’s average, with Microsoft 365 credentials being the top target.
                                      • Personal app risk – Personal app use is rampant in the enterprise, with more than one out of every four users (26%) uploading, posting, or otherwise sending data to personal apps every month, with personal use of cloud storage, webmail, and genAI apps posing the most significant risks to organizations worldwide.
                                      • Generative AI risk – GenAI adoption continues to increase, with the number of genAI users nearly tripling year-over-year and 94% of organizations now using genAI apps, increasing data risk to organizations worldwide.
                                      • Adversarial risk – Adversary activity in 2024 mirrored the broader geopolitical landscape, with Russian groups TA577 and UAC-0050 and the Chinese group Salt Typhoon among the most active worldwide.

Introduction

Amidst the growing complexity of cyber threats, one truth remains evident: people, including authorized users and external attackers, are at the center of cybersecurity risk. Although the human element of cybersecurity risk is widely known, the complexities of the modern workplace make it increasingly challenging for individuals to make informed decisions about sensitive data, digital risks, and security protocols:

                                      • For every message they receive, they must quickly assess whether it is legitimate, often relying on cues as subtle as tone, spelling, grammar, and formatting.
                                      • When handling sensitive data, they must balance the need to access and use information with the imperative to protect it from unauthorized parties.
                                      • When navigating the cloud, they must make high-stakes decisions about trust and risk in real time when they encounter authorization prompts.

The sheer volume of these decisions, often made under duress or with limited information, can lead to suboptimal decision-making. Furthermore, there are inherent cognitive biases that influence the human decision-making process, including:

                                      • Confirmation bias, the tendency to prioritize familiar patterns over suspicious anomalies.
                                      • Availability bias, the reliance on recent experiences rather than objective evidence.
                                      • Cognitive fatigue, the diminished ability to reason effectively after prolonged exposure to security alerts and warnings.

These factors create a perfect storm of uncertainty, where even the most well-intentioned individuals can inadvertently compromise organizational security. Attackers constantly seek to exploit these weaknesses, often using sophisticated social engineering tactics that manipulate users into taking actions that seem benign. This uncertainty has been intensified even further by recent advances in genAI, which attackers use to engage with their victims in a manner that is more personalized and convincing.

                                      This report examines some of the most significant risks facing organizations worldwide and explores the successful cybersecurity strategies those organizations have adopted to manage those risks. It centers on four types of cybersecurity risk:

                                      • Social engineering risk: Adversaries attempt to exploit human behavior and bypass security measures using phishing messages over various channels, malicious websites, Trojans, and other tactics.
                                      • Personal app risk: The ubiquity of personal cloud apps in the enterprise has created an environment where users knowingly or unknowingly use personal apps to process sensitive information, leading to the loss of organizational control over data and potential data breaches.
                                      • Generative AI risk: The promises of genAI have inspired a growing percentage of people and organizations to use a variety of genAI to improve their productivity or work quality, often resulting in sensitive information being disclosed to unauthorized third parties.
                                      • Adversarial risk: Highly motivated adversaries are generally well-resourced, sophisticated, and persistent in their attempts to infiltrate an organization.

                                      The remainder of this report explores these four risks in more detail, focusing on trends observed throughout 2024 and into 2025.


Social engineering risk

                                      Social engineering risk is ubiquitous, arising not just from the well-resourced and sophisticated geopolitical and criminal groups mentioned later in the Adversarial risk section but also from low-level ransomware affiliates, cybercrime gangs, and other attackers. Instead of searching for hard-to-find vulnerabilities to infiltrate a victim organization, the attacker targets those working in that organization, using phishing, pretexting, Trojans, deepfakes, and other tactics. Success ultimately hinges on gaining trust, scaring, or otherwise manipulating people into taking actions that compromise security. In the remainder of this section, we highlight two common types of social engineering risk: phishing and Trojans.

                                      Phishing

Phishing generally takes the form of an attacker creating a fake login page for a website, using a tool to reverse proxy a legitimate login page, or making a fake application to trick the victim into authorizing access. Over the past year, the number of users clicking on phishing links has nearly tripled, from 2.9 to 8.4 out of every 1,000 users in the average organization clicking on a phishing link each month. This increase comes despite most organizations requiring users to undergo security awareness training to avoid phishing attacks. The main factors behind this increase are cognitive fatigue (users are constantly bombarded with phishing attempts) and the creativity and adaptability of attackers in delivering harder-to-detect baits.

The top target of the phishing campaigns that users clicked on in 2024 was cloud applications, representing over one-quarter of the clicks. Attacker objectives vary depending on the target:

                                      • Cloud – Attackers aim to sell stolen account access on illicit marketplaces, where the buyer will use it for business email compromise, to steal data, or to pivot to other more high-value victims.
                                      • Banking – Banking institutions are targeted for financial fraud.
                                      • Telco – Telecommunication providers are targeted for fraud or to sell access to stolen accounts.
                                      • Social Media – Social media accounts can be used by low-level actors to propagate scams and spread malware or by sophisticated adversary groups to spread disinformation and misinformation.
                                      • Government – The most common government phishing target is the Internal Revenue Service in the United States, where financial information is requested to pay out a tax refund.

                                      Top phishing targets by links clicked - Cloud and Threat Report - January 2025

                                      The most targeted brand among cloud apps is Microsoft, where attackers target Microsoft Live and 365 credentials. Pages targeting Yahoo and AOL are similar, explicitly targeting login credentials for those apps. However, the fake Adobe and DocuSign pages are slightly different, as illustrated in the screenshots below the graph: The phishing pages use the Adobe and DocuSign brands to target credentials for other services. To ensure no one is left out, the attackers in both examples even include an “other” option where the victim can enter any email address and password. In both of these examples and most others, Microsoft 365 is among the target credentials. As a result, the percentage of users clicking on links targeting Microsoft credentials is closer to 75%. Microsoft’s popularity as a phishing target is unsurprising because Microsoft 365 is the most popular productivity suite by a large margin.

                                      Top cloud phishing targets by links clicked - Cloud and Threat Report - January 2025

                                      Phishing examples - Cloud and Threat Report - January 2025

                                      Where the victims are encountering the phishing links provides clues as to why the number of users clicking on such links may have increased in the past year. The majority of the clicks did not come from email but rather from various other locations throughout the web. The top referrer was search engines, where attackers run malicious ads or use SEO poisoning techniques to get the phishing pages listed at the top of the search engine results for specific terms. Other top referrers included shopping, technology, business, and entertainment sites, where the referrals come from comments, malicious ads, and infected sites. The variety of phishing sources illustrates some creative social engineering by attackers. They know their victims may be wary of inbound emails (where they are repeatedly taught not to click on links) but will much more freely click on links in search engine results.

                                      Top web and cloud categories referring phishing pages - Cloud and Threat Report - January 2025


                                      Trojans

                                      1.4 out of every 100 people encountered malicious content on the web or in the cloud each month during 2024. The most common types of content encountered were JavaScript-based Trojans. These malicious scripts aim to trick the victim into downloading malware, visiting another malicious scam or phishing site, or authorizing access to their accounts. Below is a list of the top 10 most commonly encountered malware families, all designed to trick their victims into downloading, opening, or clicking something to kick off a series of cascading events designed to compromise their systems. Blocking Trojans is crucial because they are often the initial vector for more sophisticated malicious activities, including espionage, ransomware, financial fraud, and sabotage.

                                      Backdoor.Zusy (a.k.a. TinyBanker) is a banking Trojan based on Zeus’s source code that aims to steal personal information via code injection into websites.

                                      Downloader.Nemucod is a JavaScript downloader that has previously delivered Teslacrypt.

                                      Downloader.SLoad (a.k.a Starslord) is a downloader often used to deliver Ramnit.
                                      Downloader.Upatre is a downloader that distributes other payloads, such as Locky and Dridex.

                                      Infostealer.AgentTesla is a .NET-based remote access Trojan with many capabilities, including stealing passwords from the browser, logging keystrokes, and capturing clipboard contents.

Trojan.CobaltStrike covers beacons generated by Cobalt Strike, a commercial penetration testing framework with a highly customizable command and control component designed to evade traditional network-based detection. Cracked versions of Cobalt Strike are widely used by many adversary groups.

                                      Trojan.FakeUpdater (a.k.a. SocGholish) is a JavaScript downloader that delivers various payloads, including Dridex and Azorult.

                                      Trojan.Parrottds is a JavaScript-based traffic direction system that has been infecting websites since 2019 and has been used to redirect traffic to various malicious locations.

                                      Trojan.Valyria (a.k.a. POWERSTATS) is a family of malicious Microsoft Office documents that contain embedded malicious VBScripts, usually to deliver other malicious payloads.

                                      Trojan.VexTrio is a JavaScript-based traffic direction system that has been active since 2017 and is used by multiple criminal organizations to redirect victims to various malicious locations.

                                      Where attackers host their malicious payloads is also an element of social engineering. Attackers want to host malicious content on platforms where the victims place implicit trust, such as popular cloud apps. As a result, malicious content downloads from popular cloud apps occur in 88% of organizations every month. While the downloads come from hundreds of apps, the chart below presents the top five apps in terms of the percentage of organizations downloading malicious content. GitHub is at the top because it hosts various red teaming tools used for both benign and malicious purposes. Google Drive, OneDrive, Amazon S3, and Box follow because they are ubiquitous cloud storage apps widely used in the enterprise. All of the vendors on this list are generally proactive and responsive in removing malicious content from their platforms, limiting the risk to only the short time window when the content is reachable by the victim.

                                      Top apps for malicious downloads - Cloud and Threat Report - January 2025


Personal app risk

The ubiquity of personal cloud apps in the enterprise has created an environment where users use personal apps to process or store sensitive information, leading to the loss of organizational control over data and potential data breaches. Some of this is unintentional (e.g., all files automatically backed up to a personal OneDrive or iCloud account), and some is intentional (e.g., using personal genAI app accounts to process data). In both of these examples, the intent is benign (people are just trying to get their jobs done). Still, organizations also see people using personal apps with malicious intent, such as when exiting employees take client data, source code, or intellectual property using personal apps. The overwhelming majority of users (88%) use personal cloud apps each month, with 26% uploading, posting, or otherwise sending data to personal apps. The top 10 personal apps to which users send data are shown in the figure below, which highlights the following themes:

                                      • Cloud storage: Google Drive and Microsoft OneDrive are the most popular personal apps for uploading data from managed devices.
                                      • Webmail: The companion webmail apps to the top cloud storage apps (Gmail and Outlook) are also among the top 10.
                                      • GenAI: Personal instances of genAI apps ChatGPT and Google Gemini are also very popular. The following section, entitled “Generative AI risk,” provides more details about how these apps are being used and the risks they pose.
• Social media: Social media apps LinkedIn, Facebook, and Twitter make up three of the top 10 apps. Data sent to these apps is a mix of posts made in an official capacity and personal posts.
                                      • Calendar: Google Calendar is also very popular, where the data sent to the app includes a combination of personal and organization-related meeting notes and videoconferencing details.

                                      Top apps for upstream activities to personal apps - Cloud and Threat Report - January 2025

                                      The main risks associated with personal app instances vary based on the type of app:

                                      • Cloud storage: Is any sensitive data being uploaded (manually or automatically) to cloud storage apps outside the organization’s control?
                                      • Webmail: Is personal webmail being used for any business correspondence?
                                      • GenAI: Are personal genAI apps being used for business purposes? Is any sensitive data being sent to these apps? How do the apps use your data?
                                      • Social media: Are social media posts in alignment with organization and regulatory policies?
                                      • Calendar: Are any sensitive meeting details, video conferencing links, or meeting notes stored in personal calendars?

                                      DLP
Users leaking sensitive data through personal apps is top of mind for most organizations, with 66% of organizations using DLP to restrict data flow into personal apps. The most common type of data policy violation is regulated data (such as personal, financial, or healthcare data) uploaded to personal apps. The other types of sensitive data include intellectual property, passwords and keys, and source code. Encrypted data, where the main concern is that encryption may be a deliberate attempt to evade DLP controls or otherwise hide the content, made up a small percentage of the total. Encrypting or encoding data before exfiltrating it is also a common tactic of external adversaries after they have compromised a victim's information systems.

                                      Data policy violations for personal apps - Cloud and Threat Report - January 2025


Generative AI risk

                                      Generative AI app use has continued to increase throughout 2024 in terms of three key metrics.

                                      • Organization adoption – 94% of organizations now use genAI apps, up from 81% a year ago.
                                      • User counts – 7.8% of people in an organization use genAI apps on average, triple the average of 2.6% at the end of 2023.
                                      • App adoption – Organizations use an average of 9.6 genAI apps, up from 7.6 one year ago.

                                      In other words, more organizations are using genAI, more users are using genAI, and organizations are using more genAI apps than a year ago. Furthermore, all three of these metrics are poised to continue their increases throughout 2025 as genAI apps solidify their standing as an enterprise mainstay.

                                      Organization adoption

                                      The percentage of organizations using genAI apps continues to grow, from 81% at the end of 2023 to 94% at the end of 2024. As adoption nears 100%, this growth rate has slowed considerably. At the current trajectory, 96% of organizations will be using genAI apps by the end of 2025. Industries with the lowest AI adoption rates that will see increases next year include banking, state governments, local governments, and education. Even in these industries, adoption is already high, at or above 85%.

                                      Organizations using genAI apps - Cloud and Threat Report - January 2025

                                      User counts

                                      The number of people using genAI apps tripled over the past year, from 2.6% to 7.8% in the average organization. The top 25% of organizations had at least 21% of their people using genAI apps, while the bottom 1% had just 1.7%. We expect to see the number of genAI users double during 2025 at the current growth rate. Organizations with the highest average user counts include the retail and technology sectors, averaging more than 13% of their people using genAI apps. The top 25% of retail organizations had at least 34% of people using genAI apps, while the top 25% in technology led all other industries with at least 41% of people using genAI apps. At the other end of the spectrum, banking trailed with only 3% of users in the average organization using genAI.

                                      GenAI users per month median percentage with shaded area showing 1st and 3rd quartiles - Cloud and Threat Report - January 2025

                                      App adoption

                                      The average organization uses 9.6 genAI apps, up from 7.6 one year ago. The top 25% of organizations now use at least 24 apps, while the bottom 25% use at most four apps. At the current trajectory, the average will increase modestly by another two apps in 2025, as will the first and third quartiles.

GenAI apps per organization median with shaded area showing 1st and 3rd quartiles - Cloud and Threat Report - January 2025

                                      Four popular genAI apps that drove the increase in the number of apps per organization were Google Gemini, Microsoft Copilot, Perplexity AI, and GitHub Copilot, whose popularity surged in 2024. While they were unable to catch up to ChatGPT and Grammarly, which maintained their status as the two most popular apps, they overtook all the others. Based on their current trajectory, these four apps are poised to overtake Grammarly in 2025.

                                      Most popular genAI apps based on the percentage of orgs using those apps - Cloud and Threat Report - January 2025

                                      The following figure shows the time series of the adoption of the top 10 apps over the past year, with ChatGPT, Google Gemini, and Perplexity AI increasing by approximately 20 percentage points over the year. The only two apps with more substantial gains were Microsoft Copilot and GitHub Copilot, new offerings from Microsoft, which both saw substantial growth immediately following general availability. Their growth rates have since slowed, but both apps are still poised to continue their rise into 2025. All of the genAI apps in the top ten saw their adoption increase by at least six percentage points in the past year and will continue to make additional gains in 2025.

                                      Most popular apps by percentage of organizations - Cloud and Threat Report - January 2025

                                      The “Personal app risk” section highlighted that personal use of genAI apps poses a data security risk. This section highlights AI data risk in more detail, underscoring the data security challenges organizations face and how they control that risk. The main risks are summarized in the figure below, which shows the distribution of policy violations for data sent to genAI apps. Source code, regulated data (such as personal, financial, or healthcare data), intellectual property, and passwords and keys (typically leaked in source code) all represent a significant percentage of the violations. Encrypted data, a challenge for personal apps in general, is not a challenge for genAI apps, where uploading encrypted data is not valuable.

                                      Type of data policy violations for genAI apps - Cloud and Threat Report - January 2025

                                      While 94% of organizations are using genAI apps, more than 99% of organizations have controls in place to mitigate the risks that genAI apps pose. The remainder of this section explores three of the most common controls for managing genAI data risk:

                                      • Blocking: Blocking is common, with 73% of organizations blocking at least one app and the breadth of the blocks rising in the most aggressive organizations.
                                      • Coaching: Real-time, interactive user coaching is used in 34% of organizations to control genAI data risk by empowering individuals to make informed decisions about AI risk in real time.
                                      • DLP: DLP adoption continues to rise, with 45% of organizations using DLP to control data flow into genAI apps.

                                      Blocking

                                      Blocks are an effective strategy for apps that serve no business purposes and should never be used under any circumstances. On average, the number of genAI apps blocked per organization has remained steady over the past year and is currently at 2.4 apps per organization. By contrast, there has been a significant increase in the number of apps blocked by the top 25% of organizations, where the number of blocked apps more than doubled from 6.3 to 14.6 over the past year. The industries that block the most apps are the highly regulated banking, financial services, healthcare, and telecommunications industries. At the other end of the spectrum, the manufacturing, retail, and technology industries block the fewest genAI apps on average.

                                      Number of apps blocked per org median with shaded area showing 1st and 3rd quartiles - Cloud and Threat Report - January 2025

                                      The list of the top 10 most blocked AI apps reveals multiple categories, including writing assistants, chatbots, image generators, and audio generators. This list has remained essentially the same since the summer of 2024 with one notable exception: Perplexity AI has become less commonly blocked as it has grown in popularity.

                                      Most blocked AI Apps by percentage of organizations enacting a blanket ban on the app - Cloud and Threat Report - January 2025

                                      Coaching

Real-time user coaching helps users make informed decisions about data security when confronted with tough choices. For example, it may remind a user that the genAI app they are about to use is not approved for sensitive data and ask if they would like to use it anyway. This strategy empowers the individual, who typically understands the data and the business context, to make the right decision. Real-time user coaching reduces genAI risk in 34% of organizations worldwide. Real-time user coaching is popular across all industries, with retail leading the pack as the industry with the highest adoption rate.

Real-time user coaching is a highly effective tool for helping to shape user behavior. The introduction to this report highlighted that individuals tend to make cybersecurity-relevant decisions under duress (e.g., working on a project with an urgent deadline) and with limited information (e.g., not fully aware of organizational policies and the risks involved). Real-time user coaching addresses the challenge of limited information: "You are about to post a file that appears to contain patient names to ChatGPT, which would violate our company policies. Would you like to proceed?" Only 27% of the time does the user proceed when presented with a real-time coaching prompt. The other 73% of the time, the user decides not to continue based on the information provided in the coaching prompt. Coaching is a delicate balance: too much coaching leads to cognitive fatigue and users automatically clicking yes. A high proceed rate indicates cognitive fatigue and ineffective coaching. Organizations leveraging user coaching should regularly review the rates at which users choose to proceed and use the feedback from the coaching responses to craft more nuanced policies.

DLP

DLP can inspect prompts and other data sent to genAI apps in real time and make allow/block decisions based on the contents. It can also be used with real-time user coaching, notifying a user that a prompt they are posting contains sensitive information and asking if they would like to proceed in sending it anyway. DLP as a strategy for mitigating the genAI risk is growing in popularity globally at modest rates, from 42% in the summer of 2024 to 45% at the end of the year. DLP adoption varies widely by industry, with the telecommunications sector leading all others at 64% DLP adoption for genAI.
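How an inline allow/coach/block decision on a prompt can work, as an added example (not Netskope's DLP engine): each rule pairs a detector with the action it warrants, the most severe match decides, and a "coach" decision produces the coaching text described above. The rule names, action names, patterns and sample prompts are constructed assumptions; the payment-card detector validates candidates with a Luhn check so that arbitrary 16-digit identifiers don't trigger a prompt, which is the false-positive edge case that drives coaching fatigue.

```python
"""Inline DLP inspection of a genAI prompt.

Added example, not Netskope's DLP engine. Each rule pairs a detector with
the action it warrants: "block" for material that should never be posted
(private keys, cloud access key IDs) and "coach" for regulated data where
the user is asked to confirm. The most severe matching rule decides. The
rule set, action names and sample prompts are constructed for illustration.
"""
import re
from dataclasses import dataclass

SEVERITY = {"allow": 0, "coach": 1, "block": 2}

# Detectors. The payment-card check validates candidates with Luhn so that
# arbitrary 16-digit identifiers (order numbers, tracking IDs) don't trigger it.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
ACCESS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
PRIVATE_KEY_RE = re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; True for a well-formed card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def card_matches(text):
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            yield m.group()


def regex_matches(pattern):
    def detector(text):
        for m in pattern.finditer(text):
            yield m.group()
    return detector


# (rule name, detector, action)
RULES = [
    ("private-key", regex_matches(PRIVATE_KEY_RE), "block"),
    ("cloud-access-key-id", regex_matches(ACCESS_KEY_RE), "block"),
    ("payment-card", card_matches, "coach"),
    ("us-ssn", regex_matches(SSN_RE), "coach"),
]


@dataclass
class Finding:
    rule: str
    action: str
    preview: str  # redacted so the finding itself doesn't leak the data


def redact(s: str) -> str:
    return s[:4] + "*" * max(0, len(s) - 4)


def inspect_prompt(text: str):
    """Return (decision, findings) for a prompt about to leave the browser."""
    findings = [Finding(name, action, redact(hit))
                for name, detector, action in RULES
                for hit in detector(text)]
    decision = max((f.action for f in findings), key=SEVERITY.get, default="allow")
    return decision, findings


def coaching_message(findings, app="this genAI app") -> str:
    """Text for the real-time coaching prompt on a 'coach' decision."""
    kinds = ", ".join(sorted({f.rule for f in findings}))
    return (f"The prompt you are about to send to {app} appears to contain "
            f"sensitive data ({kinds}), which would violate company policy. "
            f"Would you like to proceed?")


# Constructed sample prompts (not real data).
SAMPLE_PROMPTS = {
    "allow-plain": "Summarize this quarterly report for the sales team.",
    "coach-card": "Here is my card 4111 1111 1111 1111, draft a dispute letter.",
    "allow-luhn-fail": "Order number 4111 1111 1111 1112 failed to ship.",
    "block-key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEconstructedNotARealKey\n-----END RSA PRIVATE KEY-----",
    "block-mixed": "Patient SSN 123-45-6789, deploy with AKIAIOSFODNN7EXAMPLE",
}

if __name__ == "__main__":
    for label, prompt in SAMPLE_PROMPTS.items():
        decision, findings = inspect_prompt(prompt)
        print(f"{label:16} -> {decision:5} {[f.rule for f in findings]}")
        if decision == "coach":
            print("   ", coaching_message(findings))
```

The split between "coach" and "block" mirrors the distinction the report draws: credentials and keys are blocked outright because no business justification makes posting them acceptable, while regulated data goes to a coaching prompt where the user, who knows the data, confirms or backs out. Findings carry a redacted preview so the DLP event log does not itself become a second copy of the sensitive value.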

                                       

Adversarial risk

Adversarial risk refers to the risk that highly motivated adversaries who are well-resourced and sophisticated will eventually be successful in their persistent attempts to infiltrate a target organization. Such adversaries constantly evolve and refine tactics and techniques to evade defensive measures. These adversaries typically have specific goals, such as financial gain, information theft, or sabotage, and usually are either criminally or geopolitically motivated. Managing adversarial risk means taking proactive steps to understand current adversary tactics and techniques and performing ongoing risk assessments to ensure that appropriate countermeasures are in place to protect against them. Adversary activity in cyberspace typically mirrors the broader geopolitical landscape, which in 2024 included the ongoing Russian invasion of Ukraine and shifting power dynamics between superpowers (China and the United States, Russia and NATO) on the global stage.

Salt Typhoon

Location: China
Motivation: Geopolitical

Salt Typhoon is a Chinese group focusing on espionage, infamous for infiltrating multiple telecommunications companies in 2024. They exploited existing weaknesses in the telecom companies’ infrastructure and maintained prolonged stealth access, conducting a sophisticated espionage campaign against the customers of those companies. This campaign prompted CISA to release detailed visibility and hardening guidelines for communications infrastructure. The initial breach underscores the importance of investing in hardening systems against attackers. At the same time, the prolonged access Salt Typhoon had to their victims’ infrastructure underscores the importance of investing in cybersecurity systems that can monitor, detect, and understand activity within an organization’s network. Visibility is an essential requirement that enables the timely detection of threats and anomalies and the rapid response to any incidents.

TA577

Location: Russia
Motivation: Criminal
Aliases: Hive0118

TA577 has been targeting multiple industries worldwide, delivering malware payloads, including Qbot, Ursnif, and Cobalt Strike. They have been active since 2020 and function primarily as an initial access broker (IAB), a group that specializes in infiltrating organizations and selling unauthorized access to other adversary groups. IABs rely heavily on social engineering and security vulnerabilities to gain access to their target systems. In 2024, Netskope Threat Labs tracked potential TA577 activity targeting victims worldwide, including the US, UK, Canada, Australia, Africa, and Europe. The targets spanned multiple industries, including healthcare, financial services, legal, and technology.

UAC-0050

Location: Russia
Motivation: Geopolitical

UAC-0050 is a Russian group that started in 2023 and whose focus is espionage against Ukraine. They have been known to distribute the Remcos remote access Trojan (RAT) and rely heavily on social engineering to gain access to their target organizations. In 2024, Netskope Threat Labs tracked potential UAC-0050 activity targeting primarily organizations in critical infrastructure, including telecommunications, financial services, banking, and shipping. Although their primary focus is Ukraine, Netskope Threat Labs also tracked potential UAC-0050 activity targeting victims in regions allied with Ukraine, including the US, Brazil, and Australia.

                                       

Recommendations

Netskope Threat Labs recommends organizations worldwide review their security posture to ensure that they are adequately protected against the social engineering risk, personal app risk, generative AI risk, and adversary risk trends highlighted in this report:

• Inspect all HTTP and HTTPS traffic (cloud and web) for phishing, Trojans, malware, and other malicious content. Netskope customers can configure their Netskope NG-SWG with a Threat Protection policy that applies to all traffic.
• Ensure that high-risk file types, like executables and archives, are thoroughly inspected using a combination of static and dynamic analysis before being downloaded. Netskope Advanced Threat Protection customers can use a Patient Zero Prevention Policy to hold downloads until they have been fully inspected.
• Block access to apps that do not serve any legitimate business purpose or that pose a disproportionate risk to the organization. A good starting point is a policy to allow reputable apps currently in use while blocking all others.
• Block downloads from apps and instances that are not used in your organization to reduce your risk surface to only those apps and instances that are necessary for the business.
• Block uploads to apps and instances that are not used in your organization to reduce the risk of accidental or deliberate data exposure from insiders or abuse by attackers.
• Use DLP policies to detect potentially sensitive information (including source code, regulated data, passwords and keys, intellectual property, and encrypted data) being sent to personal app instances, genAI apps, or other unauthorized locations.
• Employ real-time user coaching to remind users of company policy surrounding the use of AI apps, personal apps, and sensitive data at the time of interaction.
• Leverage the responses to coaching prompts to refine and create more nuanced policies, ensuring that coaching remains targeted and effective and does not contribute to cognitive fatigue.
• Regularly review AI app activity, trends, behaviors, and data sensitivity to identify risks to the organization and configure policies to mitigate those risks.
• Use an Intrusion Prevention System (IPS) that can identify and block malicious traffic patterns, such as command and control traffic associated with prevalent malware. Blocking this type of communication can prevent further damage by limiting the attacker’s ability to perform additional actions.
• Use a behavior analytics platform to identify hidden threats, like compromised devices, compromised accounts, and insider threats. A behavior analytics platform can identify sophisticated and difficult-to-identify threats in your environment, like malleable (customized) command and control beacons from frameworks like Mythic and CobaltStrike.
• Use Remote Browser Isolation (RBI) technology to provide additional protection when there is a need to visit websites that fall into categories that can present higher risk, like newly observed and newly registered domains.

                                       

Netskope Threat Labs

Staffed by the industry’s foremost cloud threat and malware researchers, Netskope Threat Labs discovers, analyzes, and designs defenses against the latest cloud threats affecting enterprises. Our researchers are regular presenters and volunteers at top security conferences, including DefCon, BlackHat, and RSA.

About This Report

Netskope provides threat protection to millions of users worldwide. Information presented in this report is based on anonymized usage data collected by the Netskope One platform relating to a subset of Netskope customers with prior authorization.

This report contains information about detections raised by Netskope’s Next Generation Secure Web Gateway (SWG), not considering the significance of the impact of each individual threat. The statistics in this report are based on the period from November 1, 2023, through November 30, 2024. Stats reflect attacker tactics, user behavior, and organization policy.

Cloud and Threat Reports

The Netskope Cloud and Threat Report delivers unique insights into the adoption of cloud applications, changes in the cloud-enabled threat landscape, and the risks to enterprise data.
