Menlo Security has released its annual State of Browser Security Report, highlighting a significant increase in browser-based attacks.
The report reveals a 130% rise in zero-hour phishing attacks and a 140% increase in overall browser-based phishing attacks compared to 2023.
This surge is attributed to the growing use of AI-powered attacks, phishing-as-a-service (PhaaS), and zero-day vulnerabilities.
Threat actors are leveraging these tactics to exploit browser vulnerabilities, harvest user credentials, and evade traditional security defenses.
AI-Powered Threats and Phishing Trends
The report analyzed over 752,000 browser-based phishing attacks and identified nearly 600 incidents of GenAI fraud.
These incidents involved impersonating generative AI platforms to trick users into providing personal information, often under the guise of generating documents like résumés.
Instead of focusing solely on credential theft, these attacks aim to collect sensitive personal data.
The returned documents, typically PDFs, can also hide malware, posing additional security risks. Brands like Microsoft, Facebook, and Netflix were frequently impersonated in phishing attempts.
Threat actors have become increasingly sophisticated, using tools and infrastructure similar to those employed by professional engineers.
The rise of phishing-as-a-service kits and advanced social engineering techniques has enabled attackers to bypass traditional security controls.
Menlo Security noted that one in five attacks in 2024 used evasive techniques to evade detection.
This trend is expected to escalate as attackers adopt AI to enhance the scale and effectiveness of their attacks.
Security Implications and Recommendations
The widespread use of web browsers for both personal and professional activities has made them a prime target for cyber threats.
Common attack vectors include malicious ads on popular websites and the exploitation of vulnerabilities in major browsers like Chrome, Firefox, and Edge.
To combat these threats, organizations must prioritize browser security.
Menlo Security’s report offers insights into how browser-based attack trends will evolve in 2025 and provides recommendations for security teams to prepare against these emerging threats.
The company’s Cloud-Browser Security Platform is designed to provide comprehensive protection without impacting user experience, making it a valuable tool in the fight against browser-based attacks.
