Zero-Hour Phishing Attacks Exploiting Browser Vulnerabilities Surge by 130%

Menlo Security, a leader in Secure Enterprise Browsers, has released its annual State of Browser Security Report, revealing a sharp rise in browser-based cyberattacks.

The report highlights a 130% surge in zero-hour phishing attacks and a significant increase in the exploitation of generative AI (GenAI) platforms for fraudulent activities.

Menlo Threat Intelligence analyzed over 752,000 browser-based phishing attacks to identify key trends shaping the cybersecurity landscape.

AI-Powered Threats Driving Attack Sophistication

The report underscores the growing use of AI-powered tools by cybercriminals to exploit browser vulnerabilities and evade traditional security defenses.

Generative AI fraud incidents reached nearly 600 cases in 2024, with attackers impersonating popular GenAI platforms to manipulate victims into sharing sensitive personal information.

These fraudulent sites often promise services like résumé creation but deliver malware-laden documents instead.

Andrew Harding, VP of Security Strategy at Menlo Security, noted that these attacks are shifting from credential theft to harvesting personal data through advanced social engineering techniques.

Browser Vulnerabilities as a Prime Target

Web browsers, being ubiquitous in both professional and personal use, remain a key target for cyberattacks.

Threat actors increasingly leverage tactics such as malicious ads on trusted websites, brand impersonation on collaboration tools like Slack and Microsoft Teams, and exploitation of vulnerabilities in major browsers like Chrome, Firefox, and Edge.

Legacy Reputation URL Evasion (LURE) techniques have also become prevalent, allowing attackers to bypass web filters by exploiting trusted domains.

Menlo Security’s findings reveal that nearly one million new phishing sites are created monthly, a staggering 700% increase since 2020.

Approximately 51% of browser-based phishing attempts involve brand impersonation, with Microsoft, Facebook, and Netflix being the most impersonated entities.

Alarmingly, 75% of phishing links are hosted on legitimate websites, with an average exposure window of six days before detection by legacy security tools.

The report highlights the increasing misuse of cloud services like AWS and CloudFlare for hosting phishing sites and ransomware.

These platforms accounted for nearly half of all instances of abused cloud hosting in 2024.

Four out of five hosting providers used by attackers were based in the U.S., reflecting the country’s prominence in digital transformation and reliance on cloud-based services.

Menlo Security emphasizes the urgent need for organizations to prioritize browser security as attackers continue to adopt AI-driven techniques to scale their operations.

Harding warned that one in five attacks in 2024 displayed evasive techniques designed to bypass traditional network and endpoint security controls.

This trend is expected to escalate further in 2025.

The full State of Browser Security Report provides detailed insights into major attack vectors, real-world examples, and actionable recommendations for security teams to mitigate risks associated with browser-based threats.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup – Try for Free