Steep Rise in Phishing Attacks: 140% Year-Over-Year Increase Detected in Browser Cases, Affecting 752,000 Users
In the digital age, where cyber threats are evolving at an alarming rate, a new report by Menlo Security reveals a concerning trend – cybercriminals are focusing on browsers as their primary attack vector.
Organizations are making risky trade-offs by relying on basic security tools and default email protection instead of investing in comprehensive security solutions. Traditional cybersecurity defenses, such as firewalls and secure web gateways, are proving inadequate against evolving threats.
Attackers are deploying evasive techniques like fileless malware and memory-only payloads to evade detection. These tactics, combined with the increasing use of brand impersonation in phishing attacks, make it challenging for organizations to protect their networks.
The report indicates that over the past twelve months, companies have registered over 170,000 zero-hour phishing attacks. Affected browsers with documented exploitation of zero-day vulnerabilities are produced by major manufacturers such as Google (Chrome), Microsoft (Edge), and Mozilla (Firefox).
The exploitation of zero-days targeting vulnerabilities in popular browsers has been observed, and one in five attacks leveraged evasion techniques to bypass security controls. The abuse of Cloudflare services for phishing increased by 104% in 2024, and the adoption of phishing-as-a-service (PhaaS) has been noted.
Phishers are exploiting the high public interest in GenAI by imitating popular AI platforms. GenAI names were used to deceive users in nearly 600 phishing incidents.
To combat these threats, experts suggest the adoption of proactive security measures. Krishna Vishnubhotla, vice president of product strategy at Zimperium, suggests the adoption of real-time, AI-driven mobile security to detect and block phishing. Meanwhile, Stephen Kowski, field CTO at SlashNext, predicts a significant intensification of the threat landscape.
However, the good news is that secure cloud browsing solutions can isolate user activity from enterprise networks to prevent malicious content from compromising systems. AI-enhanced threat detection tools can help identify and neutralize sophisticated phishing campaigns before they cause damage.
As the threat of browser-based attacks escalates, with attackers using more sophisticated methods like AI-powered phishing campaigns, it is crucial for organizations to evolve their security measures as fast as the threats. Relying on outdated defenses is no longer sufficient; security must evolve as fast as the threats.
Read also:
- Bridge the IT-Security Divide with Qualys VMDR for ITSM: A New Application to Streamline Your IT and Security Operations
- Italy passes AI legislation addressing privacy concerns, supervision, and kid-safe access
- East Asian countries should be cautious, as scamming operations are moving towards the region - it's high time we stay vigilant. - Phar Kim Beng
- Senators pressure nominated leader of CISA on election security concerns, focus of agency highlighted
