Menlo Security’s annual Browser Security Report reveals a 130% increase in zero-hour phishing attacks and growing use of generative AI in cybercrime. The report analyzed over 752,000 browser-based phishing attacks, highlighting key trends in cybersecurity.
Zero-Hour Phishing Attacks
The report highlights the increasing use of AI tools by cybercriminals to exploit browser vulnerabilities and bypass security defenses. In 2024, nearly 600 cases of fraud involving generative AI were reported, with attackers impersonating popular platforms to steal personal information.
These fake sites often offer services like resume creation, but instead deliver malware-infected documents.
Andrew Harding, VP of Security Strategy at Menlo Security, pointed out that these attacks are evolving from credential theft to personal data harvesting using advanced social engineering tactics.
Browser Vulnerabilities: A Major Target for Cyberattacks
Web browsers, widely used for both work and personal activities, are prime targets for cyberattacks.
Cybercriminals are exploiting tactics like malicious ads on trusted websites, brand impersonation on platforms such as Slack and Microsoft Teams, and vulnerabilities in popular browsers like Chrome, Firefox, and Edge.
Additionally, Legacy Reputation URL Evasion (LURE) techniques are being used to bypass web filters by leveraging trusted domains.
Menlo Security’s report shows a massive 700% increase in new phishing sites since 2020, with nearly one million being created monthly. Around 51% of phishing attempts involve brand impersonation, with Microsoft, Facebook, and Netflix being the most impersonated.
Shockingly, 75% of phishing links are hosted on legitimate websites, with an average six-day exposure before detection by traditional security tools.
The abuse of cloud services like AWS and CloudFlare for phishing and ransomware hosting has also increased, accounting for nearly half of all incidents in 2024.
Menlo Security stresses the importance of prioritizing browser security, as cybercriminals are adopting AI-driven methods to scale their attacks. In 2024, one in five attacks used evasive techniques to bypass traditional security measures, a trend expected to grow in 2025.
The full State of Browser Security Report offers insights into major attack methods and provides actionable steps for security teams to protect against these rising browser-based threats.
Leave A Comment