GitHub becomes go-to platform for malware delivery across Europe

Phishing has become the go-to method for attackers looking to get past security controls and access sensitive environments in Europe, according to Netskope. Users are now constantly dealing with phishing attempts, which have become so common and credible that even careful people can make mistakes.

Adobe is the brand most commonly impersonated by cybercriminals, appearing in 29% of cloud phishing campaigns aimed at stealing credentials for digital services. Microsoft’s brand is the next most impersonated at 26%, with phishing efforts focusing on gaining access to Microsoft 365 cloud accounts.

In Europe, the most common type of data policy breach happens when people upload regulated information to websites or cloud services that their company hasn’t approved. Regulated data accounted for 57% of all policy violations in Europe, while another 17% involved data such as passwords and auth secrets.

Malware distribution via cloud apps

Attackers often strategically choose where to host their malware, making the hosting part of a broader effort to trick users through social engineering. They tend to use platforms that people already trust, especially widely used cloud apps, because that trust makes it more likely that someone will open a malicious file.

This year, GitHub tops the list, with 16% of organizations in the European region seeing malware downloads from the platform each month. That’s a noticeable shift from last year, when Microsoft OneDrive was the most used service for delivering malware.

GitHub’s rise is likely tied to its popularity among developers and its role in hosting red teaming tools, some used legitimately, others abused by threat actors. Right behind GitHub are OneDrive, Google Drive, and Amazon S3.

GenAI organizational adoption and usage trends

GenAI is now widely used across Europe, with 91% of organizations integrating cloud-based GenAI tools into their operations. 97% work with tools that include GenAI-powered features and 96% use applications that rely on user data for training.

Meanwhile, the use of personal GenAI accounts has dropped over the past year, falling from 73% to 58%. This decline points to a clear shift toward company-approved GenAI solutions that offer more control and better protection for sensitive data.

Most blocked GenAI apps

25% of European organizations are blanket blocking Grok AI, a GenAI chatbot developed by Elon Musk’s xAI. Organizations are opting instead for alternatives they deem more suited for enterprise use, such as OpenAI’s ChatGPT or Google’s Gemini. The most commonly blocked GenAI app across European organizations is Stable Diffusion, an image generator tool created by UK-based Stability AI.

“GenAI adoption is surging in Europe, becoming close to universal across the region’s businesses. However, this brings data security challenges and we’re seeing a significant rise in the exposure of sensitive and regulated data through these platforms. Organizations will increasingly look to adopt security and data protection technology that can support the workforce against attacks that are designed specifically to take advantage of human psychology. No app, or app traffic, should be considered trusted, or exempted from a security policy,” said Gianpietro Cutolo, Cloud Threat Researcher at Netskope Threat Labs.
