A new report out today from cloud security company Menlo Security Inc. reveal that there was a 140% increase in browser-based phishing attacks in 2024, among other findings.

The findings come from Menlo Security’s annual State of Browser Security Report, which identifies several key drivers behind the sharp rise in browser-based attacks, including artificial intelligence-powered attacks, phishing-as-a-service and zero-day, or newly discovered and unpatched, vulnerabilities.

Generative AI attacks lead the report, with the 140% increase in browser-based phishing attacks attributed to AI. Additionally, the report also details a 130% year-over-year increase in zero-hour phishing attacks.

Microsoft Corp., Facebook and Netflix Inc. were found to be the brands most commonly impersonated in browser-based phishing attempts. Surprisingly, generative AI services themselves were also found to be increasingly impersonated. In 2024, Menlo Security identified nearly 600 incidents of generative AI fraud, in which imposter sites used generative AI platform names to manipulate and exploit unsuspecting victims.

“Interestingly, the majority of generative AI fraud was not for the purpose of credential theft,” said Andrew Harding, vice president of security strategy at Menlo Security. “Instead, these impersonation sites attempted to trick people into entering highly personal information.”

Harding added that these fake generative AI platforms promise to generate a résumé or similarly personal document. “In addition to cybercriminals stealing sensitive and personal information, the returned document is typically a PDF, where malware can hide out and be delivered,” he said.

With web browsers the most widely used application for both work and personal activities, their widespread use and vulnerabilities have allowed threat actors to evolve their tactics. The attacks use subtle and powerful tactics that bypass traditional endpoint security defenses and network security controls.

Common attack vectors include malicious ads positioned on popular websites to distribute malware and steal credentials. Browser-based phishing attacks were also found to be prevalent, especially those leveraging Legacy Reputation URL Evasion techniques, which evade web filters that attempt to categorize domains based on implied trust.

Also noted in the report is a rise of attacks through business collaboration tools such as Slack and Microsoft Teams, which often involve brand impersonation techniques and exploitation of browser vulnerabilities in major browsers, including Chrome, Firefox and Edge.

Other findings in the report include a 700% increase in phishing sites since 2020, with cybercriminals creating nearly 1 million new phishing sites each month.

Phishing attacks hosted on subdomain providers surged by 51%, making up 24% of all phishing incidents, with four of the top five hosting providers for these attacks based in the U.S. The report also highlights a rise in cloud service exploitation: Amazon Web Services Inc. and Cloudflare Inc. accounted for nearly half of all malicious hosting instances in 2024, underscoring the growing security risks tied to cloud-based infrastructure.

Thomas Richards, principal consultant, network and Red Team practice director at security firm Black Duck Software Inc., told SiliconANGLE via email that “malicious actors are quick to develop new techniques to evade detection and, as the Menlo Security report notes, increase the number of browser-based phishing attacks.”

“Every new advancement in technology is a double-edged sword; powering automation and increase in hosted services helps businesses and malicious actors alike,” he said. “SaaS providers should begin implementing malicious detection to lock and remove accounts that are suspicious and hosting malicious or impersonating content.”

Richards added that it’s very difficult for users to identify these browser-based phishing attacks since they’re mostly using trusted services. “Before proceeding with account creation or entering credentials on an unknown website, it’s best to do some research to ensure that it is the original website and not a forgery,” he said. “This can be accomplished with an internet search as the search providers have done a good job of not allowing malicious sites to be listed in the top results.”

Image: SiliconANGLE/Ideogram