Menlo Security: 130% Y2Y Increase in Zero-Hour Phishing Attacks

Menlo Security, a provider of secure enterprise browsers, published its annual State of Browser Security report. The report identified key drivers behind the sharp rise in browser-based attacks, including AI-powered threats, phishing-as-a-service (PhaaS) and zero-day vulnerabilities.

Menlo Threat Intelligence analyzed over 752,000 browser-based phishing attacks and studied the trends shaping AI-powered threats. Research indicated that a surge in GenAI threats spurred a 140 percent increase in browser-based phishing attacks (compared to 2023) and a 130 percent increase in zero-hour phishing attacks.

Microsoft, Facebook and Netflix were the most commonly impersonated brands in browser-based phishing attempts. GenAI services are also increasingly impersonated. In 2024, Menlo identified nearly 600 incidents of GenAI fraud in which imposter sites used GenAI platform names to manipulate and exploit victims.

“Interestingly, the majority of GenAI fraud was not for the purpose of credential theft,” said Andrew Harding, VP of security strategy, Menlo Security. “Instead, these impersonation sites attempted to trick people into entering highly personal information. These fake GenAI platforms promise to generate a resume or similarly personal document. In addition to cybercriminals stealing sensitive and personal information, the returned document is typically a PDF, where malware can hide out and be delivered. In the past year, Menlo Security successfully thwarted hundreds of incidents of such GenAI fraud.” 

Web browsers are the most widely used application for both work and personal activities. This widespread use, combined with frequent vulnerabilities, has enabled threat actors to evolve their tactics, shifting their focus toward sophisticated, browser-based attacks. These attacks utilize subtle and powerful tactics that bypass traditional endpoint security defenses and network security controls.

Common attack vectors include malicious ads positioned on popular websites to distribute malware and steal credentials. Browser-based phishing attacks are prevalent, especially those leveraging legacy reputation URL evasion (LURE) techniques, which evade web filters that attempt to categorize domains based on implied trust. Attacks through business collaboration tools such as Slack or Teams often involve brand impersonation techniques, as well as exploitation of browser vulnerabilities in Chrome, Firefox, Edge and others. 

Key findings include:  

  • Cybercriminals created nearly a million new phishing sites each month, representing a 700 percent increase since 2020. 
  • Nearly 51 percent of browser-based phishing attempts involved some form of brand impersonation. 
  • 75 percent of phishing links are hosted on good, trusted websites, with up to six days as the average window of exposure before legacy security tools begin blocking pages from zero-hour phishing attacks. 
  • Phishing attacks hosted on subdomain providers increased by 51 percent, representing 24 percent of all phishing attacks. 
  • Four of the top five hosting providers used by bad actors were U.S.-based.