
The Rising Threat of Browser-Based Attacks


Since the widespread adoption of the World Wide Web in the ’90s, browsers have played an instrumental role in how people use the internet. Today, everyone has access to a number of browsers to fit different designs and user preferences, and individuals spend hours each day within browsers for both work and personal purposes. In today’s evolving cybersecurity threat landscape, browsers have become a primary attack vector for cybercriminals seeking to exploit vulnerabilities, harvest credentials, and bypass traditional security defenses. Menlo Security’s annual “State of Browser Security Report” highlights the alarming increase in browser-based attacks, especially those leveraging artificial intelligence (AI) and advanced impersonation tactics.


The Browser Security Crisis

Menlo’s report uncovered a 140% year-over-year increase in browser-based phishing attacks, with a 130% rise in zero-hour phishing incidents. These types of attacks occur before legacy security tools can recognize and neutralize them, ultimately leaving organizations vulnerable and unprotected. To further exacerbate issues surrounding browser security, one million new phishing sites are created each month, a 700% surge since 2020. Additionally, phishing attacks increasingly leverage trusted platforms as 75% of phishing links are hosted on legitimate websites, making them even more difficult to detect and prevent.

It is evident that there has been a rapid adoption of AI-powered attack methods, and cybercriminals are deploying generative AI (GenAI) to create hyper-realistic phishing sites and fraudulent impersonation attempts. Menlo’s research found that there were nearly 600 incidents of GenAI fraud in 2024, many of which did not aim to steal credentials but instead leveraged the technology to gather highly personal information under the guise of document creation services. These fake AI platforms lure users into providing sensitive data, while also delivering malware-infested PDFs.

Real-World Browser-Based Attacks

In 2024, we saw numerous high-profile browser-based attacks make headlines, shining a spotlight on the evolving threat landscape and the need for a more proactive approach to browser security. For example, the 0.0.0.0 Day Vulnerability affected all major browsers and enabled external websites to communicate with, and potentially exploit, software that runs locally on macOS and Linux. It exposed a fundamental flaw in the way browsers handle network requests, granting malicious actors access to sensitive services, and highlighted the risk to local endpoint browsers.
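On the service side, software that listens locally can refuse browser-originated requests it does not expect. The sketch below is an added example, not code from the article or from Menlo; the port, the allowlists and the `X-Agent-Token` header are assumptions for a hypothetical local agent.

```python
import hmac
from urllib.parse import urlsplit

# Assumed values for a hypothetical local agent on port 8765 (not from the article).
ALLOWED_HOSTS = {"127.0.0.1:8765", "localhost:8765", "[::1]:8765"}
ALLOWED_ORIGINS = {"http://127.0.0.1:8765", "http://localhost:8765"}


def check_local_request(headers, expected_token):
    """Return (allowed, reason) for a request reaching a loopback-only service."""
    h = {k.lower(): v.strip() for k, v in headers.items()}

    # 1. Host must be a name the service expects. A page that targets
    #    http://0.0.0.0:8765/ arrives with Host: 0.0.0.0:8765 and stops here.
    if h.get("host", "").lower() not in ALLOWED_HOSTS:
        return False, "unexpected Host header"

    # 2. If the browser attached an Origin, it must be the service's own UI.
    origin = h.get("origin")
    if origin is not None:
        parts = urlsplit(origin)
        if f"{parts.scheme}://{parts.netloc}".lower() not in ALLOWED_ORIGINS:
            return False, "cross-origin request"

    # 3. Being on loopback is not authentication: require a per-install secret
    #    (hypothetical X-Agent-Token header), compared in constant time.
    supplied = h.get("x-agent-token", "")
    if not hmac.compare_digest(supplied.encode(), expected_token.encode()):
        return False, "missing or invalid token"

    return True, "ok"
```
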

2024 also brought a number of zero-day vulnerabilities affecting Chrome and Edge browsers, underscoring the growing sophistication of attackers targeting unpatched systems. One of the severe exploits affecting Chrome was CVE-2024-7971, which allowed remote code execution. This vulnerability enabled attackers to access corporate networks and sensitive data before security patches were applied. Many organizations were impacted and experienced downtime, data breaches, and other costly recovery efforts.

Another headline-making attack in 2024 involved a Google Drawings and WhatsApp URL redirect phishing scheme that tricked users into sharing their login credentials using an impersonated Amazon account verification link hosted on Google Drawings. This attack was particularly devious because it relied on the browser’s inherent trust in established services – masquerading as part of Google’s own suite of tools – making it difficult for users to identify it as a malicious imposter.

Abuse of Cloudflare domains for phishing went up by 104% in 2024, totaling just under 5,000 incidents. Cybercriminals increasingly abused Cloudflare’s pages.dev and workers.dev domains for phishing attacks, because they offer f***********, legitimate appearances, and the ability to bypass security filters.

These newsworthy attacks and many others like them are made possible by evasion techniques used to gain initial access through the browser. Cyber attackers are increasingly exploiting browser vulnerabilities, obfuscating malicious code, and employing evasion tactics like fileless malware and memory-only payloads to bypass traditional security defenses. As enterprises adopt stronger endpoint security measures, threat actors shift their focus to browser-based exploits, where subtle, evasive approaches can circumvent conventional security tools and grant access for further compromise.


Brand Impersonation Fueling the Fire

The use of impersonated logos in phishing attacks targeting browsers is now a prevalent tactic for exploiting trust in established brands and services, and thus gaining initial access to enterprise networks. Cybercriminals leverage brand logos to craft convincing counterfeit websites that mimic legitimate business sites and services, tricking victims into sharing sensitive data and/or credentials or downloading malicious payloads. According to our threat research, nearly 51% of browser-based phishing attacks employed some form of brand impersonation, with Microsoft, Facebook and Netflix among the most impersonated brands. This impersonation tactic greatly increases the success rate of phishing attacks, since users often cannot distinguish between legitimate and fraudulent sites.
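For defenders, the two patterns described above (phishing hosted on pages.dev and workers.dev, and brand impersonation) can be combined into a simple triage query over web proxy logs. This is an added example, not part of the original article; the log format, sample lines and the digit-substitution table are constructed assumptions, and the brand list is the three brands named above.

```python
from urllib.parse import urlsplit

SHARED_SUFFIXES = ("pages.dev", "workers.dev")   # domains named in the article
BRANDS = ("microsoft", "facebook", "netflix")    # brands named in the article
DIGIT_SWAPS = str.maketrans("0135", "oles")      # assumed look-alike digits

# Constructed proxy log lines (timestamp, user, URL); not real traffic.
SAMPLE_LOG = """\
2024-11-02T09:14:07Z alice https://microsoft-login-verify.pages.dev/signin
2024-11-02T09:15:40Z bob https://docs-site.pages.dev/guide/
2024-11-02T09:16:12Z carol https://www.netflix.com/browse
2024-11-02T09:17:55Z dave https://netflix-billing.acct-update.workers.dev/
2024-11-02T09:18:03Z erin not-a-url
2024-11-02T09:19:21Z frank https://faceb00k-help.pages.dev/appeal
"""


def tenant_label(host):
    """Return the tenant-chosen part of a shared-hosting name, else None."""
    host = host.lower().rstrip(".")
    for suffix in SHARED_SUFFIXES:
        if host.endswith("." + suffix):
            return host[: -len(suffix) - 1]
    return None


def find_brand_lookalikes(log_text):
    """Yield (timestamp, user, host, brand) for shared-hosting names that embed a brand."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue                      # skip malformed lines
        ts, user, url = fields
        host = urlsplit(url).hostname
        label = tenant_label(host) if host else None
        if label is None:
            continue                      # not a URL, or not shared hosting
        normalized = label.translate(DIGIT_SWAPS)
        brand = next((b for b in BRANDS if b in normalized), None)
        if brand:
            hits.append((ts, user, host, brand))
    return hits
```

A match is a lead for review rather than a verdict, since legitimate projects can also use a brand name in a subdomain.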

Moving Forward

As threat actors continue refining their attack strategies, companies must remain proactive and adapt their security postures and processes accordingly. The rapid rise in AI-powered attacks and zero-hour phishing incidents highlights the urgency of prioritizing browser security. By incorporating a combination of advanced technologies, real-time threat intelligence, and user education, organizations can effectively reduce their exposure to browser-based threats and protect their critical data.
