Free Newsletters for the Channel
Register for Your Free Newsletter Now
January 24, 2024
Browser-based phishing attacks skyrocketed in the second half of 2023 and should continue accelerating in 2024, according to a new Menlo Security report.
The report demonstrates the rapid growth of highly evasive adaptive threats (HEAT) targeting the browser. It reveals a 198% increase in browser-based phishing attacks in the second half of 2023 compared to the first half of the year. When specifically looking at attacks classified as evasive, the researchers observed a 206% increase.
To compile this report, the Menlo Labs Threat Research team examined threat data and browser telemetry gathered from Menlo Security Cloud, including more than 400 billion web sessions during 2023. Additionally, the team took a closer look at a 30-day period in the fourth quarter of 2023 to glean more specific insights about cybercriminals’ evolving tactics and attack patterns.
Evasive attacks, those that use a range of techniques meant to evade traditional security controls, are growing at a faster rate than other types of browser-based phishing attacks because cybercriminals know they have a higher rate of success employing these methods, according to Menlo Security.
Evasive threats now make up 30% of total browser-based phishing attacks and include tactics such as SMS phishing (smishing), adversary in the middle (AITM) frameworks, image-based phishing, brand impersonation or multifactor authentication (MFA) bypass.
Browser usage across managed and unmanaged devices has skyrocketed in recent years, exposing an immense attack surface enterprises are grappling to cover. Traditional network-based security controls aren’t detecting zero-hour phishing attacks that deliver ransomware and steal credentials.
Menlo Security's Neko Papez
“These attacks are growing at a faster rate because cybercriminals know they have a higher rate of success employing these methods,” said Neko Papez, Menlo Security’s senior manager of cybersecurity strategy.
Scroll through our slideshow above for more from Menlo Security on browser-based attacks.
You May Also Like
The Gately Report: Trellix Partners Shielding SMBs from RansomwareFeb 26, 2024
Cloud Computing News: AWS Loses Another Key Exec to Azure; Canalys, Vega Cloud, Hyve NewsFeb 23, 2024
Channel Futures Reveals 2024 Circle of Excellence InducteesFeb 23, 2024
Canalys Channel Leadership Matrix Names AWS, Cisco, HP Among 'Champions'Feb 22, 2024