Menlo Security Tracks Massive Spike in Browser-Based Phishing Attacks

Browser-based phishing attacks are succeeding more than traditional phishing attacks.

Edward Gately, Senior News Editor

January 24, 2024

6 Slides

Browser-based phishing attacks skyrocketed in the second half of 2023 and should continue accelerating in 2024, according to a new Menlo Security report.

The report demonstrates the rapid growth of highly evasive adaptive threats (HEAT) targeting the browser. It reveals a 198% increase in browser-based phishing attacks in the second half of 2023 compared to the first half of the year. When specifically looking at attacks classified as evasive, the researchers observed a 206% increase.

To compile this report, the Menlo Labs Threat Research team examined threat data and browser telemetry gathered from Menlo Security Cloud, including more than 400 billion web sessions during 2023. Additionally, the team took a closer look at a 30-day period in the fourth quarter of 2023 to glean more specific insights about cybercriminals’ evolving tactics and attack patterns.

Menlo Security Tracks Rapid Growth of Attacks

Evasive attacks, those that use a range of techniques meant to evade traditional security controls, are growing at a faster rate than other types of browser-based phishing attacks because cybercriminals know they have a higher rate of success employing these methods, according to Menlo Security.

Evasive threats now make up 30% of total browser-based phishing attacks and include tactics such as SMS phishing (smishing), adversary in the middle (AITM) frameworks, image-based phishing, brand impersonation or multifactor authentication (MFA) bypass.

Browser usage across managed and unmanaged devices has skyrocketed in recent years, exposing an immense attack surface enterprises are grappling to cover. Traditional network-based security controls aren’t detecting zero-hour phishing attacks that deliver ransomware and steal credentials.

Menlo Security's Neko Papez

“These attacks are growing at a faster rate because cybercriminals know they have a higher rate of success employing these methods,” said Neko Papez, Menlo Security’s senior manager of cybersecurity strategy.

Scroll through our slideshow above for more from Menlo Security on browser-based attacks.

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like