The top three apps being abused to deliver malware in the insurance industry are GitHub, OneDrive and SharePoint, according to Netskope Threat Labs.

The insurance industry “stands out” as a target and Microsoft apps dominate the top six trouble areas, it says. OneDrive, Teams, SharePoint and Copilot are “highly favoured”.  

The average user now interacts with 24 apps each month, and Netskope says insurance businesses need systems in place to ensure safe handling of sensitive data.  

“Organisations in insurance must ensure they have security controls to block malware downloads over the most popular apps,” the cybersecurity group said.

Software developer platform GitHub experiences almost twice as many malware downloads in the insurance industry as in other industries, Netskope analysis shows.  

“As GitHub gains traction both among organisations and cybercriminals, it’s poised to replace cloud platforms more traditionally targeted by threat actors, like Microsoft OneDrive,” Netskope cyber intelligence principal Paolo Passeri said.

Attackers create malicious packages to mimic legitimate content and host them on GitHub, or sometimes compromise genuine projects. Attacks can target multiple organisations at once, maximising “return on investment with minimal effort”.

Netskope says its platform protects more than 625,000 workers, and it works with three of the top four insurance companies in Australia. It recommends that businesses inspect all HTTP and HTTPS downloads to prevent malware from infiltrating networks.  

High-risk file types such as executables and archives should be analysed before being downloaded, with downloads from apps not used in the organisation blocked.

An intrusion prevention system can identify and block malicious traffic patterns, such as command and control traffic associated with popular malware, while remote browser isolation technology protects when visiting websites.

See Netskope’s report here.