Menlo Security Tracks Massive Spike in Browser-Based Phishing Attacks

Browser-based phishing attacks are succeeding more than traditional phishing attacks.

Edward Gately, Senior News Editor

January 24, 2024

6 Slides
Menlo Security: Browser-based cyberattacks spike

Browser-based phishing attacks skyrocketed in the second half of 2023 and should continue accelerating in 2024, according to a new Menlo Security report.

The report demonstrates the rapid growth of highly evasive adaptive threats (HEAT) targeting the browser. It reveals a 198% increase in browser-based phishing attacks in the second half of 2023 compared to the first half of the year. When specifically looking at attacks classified as evasive, the researchers observed a 206% increase.

To compile this report, the Menlo Labs Threat Research team examined threat data and browser telemetry gathered from Menlo Security Cloud, including more than 400 billion web sessions during 2023. Additionally, the team took a closer look at a 30-day period in the fourth quarter of 2023 to glean more specific insights about cybercriminals’ evolving tactics and attack patterns.

Menlo Security Tracks Rapid Growth of Attacks

Evasive attacks, those that use a range of techniques meant to evade traditional security controls, are growing at a faster rate than other types of browser-based phishing attacks because cybercriminals know they have a higher rate of success employing these methods, according to Menlo Security.

Evasive threats now make up 30% of total browser-based phishing attacks and include tactics such as SMS phishing (smishing), adversary in the middle (AITM) frameworks, image-based phishing, brand impersonation or multifactor authentication (MFA) bypass.

Browser usage across managed and unmanaged devices has skyrocketed in recent years, exposing an immense attack surface enterprises are grappling to cover. Traditional network-based security controls aren’t detecting zero-hour phishing attacks that deliver ransomware and steal credentials.

Menlo Security's Neko Papez

Menlo Security's Neko Papez

“These attacks are growing at a faster rate because cybercriminals know they have a higher rate of success employing these methods,” said Neko Papez, Menlo Security’s senior manager of cybersecurity strategy.

Scroll through our slideshow above for more from Menlo Security on browser-based attacks.

Read more about:

VARs/SIsMSPsChannel Research

About the Author(s)

Edward Gately

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

See more from Edward Gately
Free Newsletters for the Channel
Register for Your Free Newsletter Now
Subscribe

You May Also Like

Galleries
See all
Sep 16 - Sep 19, 2024
Join us for MSP Summit, September 16-19, 2024 in Atlanta, GA. You don't want to miss the industry’s most innovative and inspiring gathering of business leaders focused on growing their managed services businesses. This year’s MSP Summit will help attendees stay ahead of exponentially increasing security threats, expanding their range of services through a merger or acquisition and embrace a wide range of innovative new technologies. Get notified when registration opens.
Sign Up For Special Deal