198% Surge in Browser Based zero-hour Phishing Attacks

The digital landscape is under siege. Surging browser-based phishing attacks, a 198% increase in just the second half of 2023, paint a chilling picture of cyber threats outsmarting traditional security. 

Menlo Security’s 2023 State of Browser Security Report unveils this alarming trend, sounding the alarm for organizations and individuals alike.

Document
Run Free ThreatScan on Your Mailbox

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .

The Rise of Evasive Attacks

Gone are the days of easily identifiable phishing scams. 

Cybercriminals are now armed with highly evasive techniques, bypassing conventional defenses like network filters and email scanners. 

These HEATs (Highly Evasive Adaptive Threats), making up 30% of all browser-based attacks, employ tactics like:

  • SMS Phishing (Smishing): Luring victims with seemingly legitimate text messages.
  • Adversary in the Middle (AITM): Intercepting and manipulating web traffic on the fly.
  • Image-Based Phishing: Embedding malicious code within seemingly harmless images.
  • Brand Impersonation: Mimicking trusted websites to steal login credentials.
  • Multi-Factor Authentication (MFA) Bypass: Finding ways to circumvent even two-factor security.

Traditional security, built for known threats, stumbles against the lightning speed of zero-hour attacks. 

These novel phishing campaigns, observed at over 11,000 in just 30 days, exploit the vast and vulnerable attack surface of modern browsers. 

Worryingly, 75% of these attacks hide on trusted websites, cloaked in a veneer of legitimacy.

Despite technological advancements, the human element remains the weakest link. 

Phishing preys on our inherent trust and cognitive biases, tricking us into divulging sensitive information. 

This makes browser security the ultimate line of defense, protecting users at the point of interaction with the web.

Menlo Security: Shining a Light on the Dark Web

The report paints a stark picture, but not a hopeless one. Menlo Security offers a beacon of hope with its advanced browser security solutions

Leveraging cutting-edge AI and machine learning, Menlo’s technology detects and thwarts even the most sophisticated evasive attacks.

Key Takeaways for a Safer Web:

  • Evasive threats demand a new approach: Traditional security falls short. Look to advanced browser security solutions powered by AI.
  • Zero-hour attacks lurk everywhere: Don’t let trusted websites lull you into a false sense of security. Remain vigilant and practice safe browsing habits.
  • Your browser is the frontline: Prioritize comprehensive browser security to shield yourself from evolving cyber threats

David Miller, Policy Advocate: “This report calls for increased collaboration between cybersecurity researchers, technology companies, and policymakers. We need to share threat intelligence, develop best practices, and create regulatory frameworks that incentivize stronger browser security measures.”

Organizations should adopt efficient incident response plans, regularly monitor email traffic for anomalies, and stay updated on emerging threats to stay ahead of the evolving email threat landscape with Trustifi AI-powered Email security solutions.

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Next.js Vulnerability Let Attackers Bypass Authentication

A high-severity vulnerability has been discovered in the popular web framework, Next.js, which allows attackers…

4 minutes ago

CISA Issues Secure Practices for Cloud Services To Strengthen U.S Federal Agencies

In a decisive move to bolster cloud security, the Cybersecurity and Infrastructure Security Agency (CISA)…

40 minutes ago

Fortinet Critical Vulnerabilitiy Let Attackers Inject Commands Remotely

Fortinet, a global leader in cybersecurity solutions, has issued an urgent security advisory addressing two…

1 hour ago

Critical Chrome Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Google has released a new security update on the Stable channel, bringing Chrome to version 131.0.6778.204/.205…

2 hours ago

CISA Released Secure Mobile Communication Best Practices – 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has released new best practice guidance to safeguard…

3 hours ago

New VIPKeyLogger Via Weaponized Office Documenrs Steals Login Credentials

The VIPKeyLogger infostealer, exhibiting similarities to the Snake Keylogger, is actively circulating through phishing campaigns. …

20 hours ago