Menlo released the latest State of Browser Security report this week, showing a dramatic increase in browser-based attacks, driven by the rise of generative AI (GenAI). This report highlights the growing sophistication of cybercriminals, who are now leveraging AI-powered attacks, phishing-as-a-service (PhaaS), and zero-day vulnerabilities to target enterprise browsers.
To compile the report, Menlo Threat Intelligence analyzed more than 752,000 browser-based phishing attacks and studied the trends now shaping AI-powered threats. The research reveals that a surge in generative AI-based threats has spurred a 140% increase in browser-based phishing attacks compared to 2023, and a 130% increase specifically in zero-hour phishing attacks.
The report also shows an increase in phishing attacks that impersonate popular GenAI tools over the past year. These attacks use imposter sites to manipulate and exploit unsuspecting victims to hand over proprietary and private information.
Interestingly, the majority of GenAI fraud was not for the purpose of credential theft. Instead, these impersonation sites attempt to trick people into entering highly personal information by promising to generate a résumé or similarly personal document. In addition to cybercriminals stealing sensitive and personal information, the returned document is typically a PDF where malware can hide out and be delivered.
Attackers Are Using AI to Bypass Traditional Security
The report shows that the enterprise browser has become the initial access point for sophisticated cyberattacks – enabling adversaries to exploit vulnerabilities, steal sensitive data, and bypass traditional security controls. According to Gartner, more than 98% of attacks originate from Internet usage with 80% of those targeting local, end user browsers.
Unfortunately, traditional network and endpoint security tools alone are no longer enough. Firewalls, secure web gateways and antivirus tools remain ineffective against the sophisticated techniques used by today’s threats. While many enterprises have endeavored to improve browser security, they tend to focus on security at the network or endpoint level, which is not equipped to combat evasive threats.
Cloud-network services have attempted to address the problem, but they often add complexity to the IT stack and come with high management costs without providing effective protection against advanced phishing attacks.
Additionally, check-box solutions like traditional Remote Browser Isolation (RBI) have proven largely ineffective against evasive browser-based phishing attacks – such as Legacy URL Reputation Evasion (LURE) attacks that are able to evade web filters that attempt to categorize domains based on implied trust. By compromising poorly secured websites, LURE attacks are used to gain entry to endpoints, delivering malware to further the attacker’s goal to move laterally and deeper within organizations.
Cybercriminals are also leveraging AI-powered techniques to increase their chances of bypassing traditional security layers, enabling them to enhance the scale at which they compromise poorly secured websites, create counterfeit sites, and embed malware in files that existing tools fail to detect.
Attacks Are Increasingly Targeting Users Through the Browser
The rise of AI-powered attacks, phishing-as-a-service (PhaaS), and zero-day vulnerabilities that focus on enterprise browsers have underscored the need for a new approach to enterprise security. It is clear that the browser has become a prime target for cybercriminals. These attacks are more refined, using evasive techniques to specifically target users through their browsers.
This is a troubling trend. Today’s browser-based threats are constantly evolving and showing no signs of slowing down – ultimately presenting a growing risk to organizations.
More key insights from the report:
- Over the last 12 months, Menlo detected more than 752,500 browser-based phishing attacks, representing a nearly 140 percent year-over-year increase
- One in five attacks display some form of evasive technique designed to evade traditional
- network and endpoint-based security controls
- Menlo Threat Intelligence identified more than 170,000 zero-hour phishing attacks over the last 12 months, a 130% increase from 2023
- Facebook, Microsoft, and Netflix were the top three impersonated brands in 2024
- GenAI threats have begun to surge over the last year with nearly 600 incidents identified using GenAI names as imposter sites to manipulate and exploit unsuspecting victims
Read the Full Report
Advanced phishing, zero-day exploits, and data exfiltration through browser-based channels are increasing, and fraudulent GenAI sites have emerged as a new threat. Organizations will need to strengthen their cybersecurity defenses to meet these new challenges, using enhanced browser security to enable zero trust access and govern the use of GenAI tools. This includes secure cloud browsing solutions that secure the modern workspace by physically separating a user's browsing activity from the network. And, ideally, these secure enterprise browser solutions protect users from browser-based threats without changing the user experience.
Download State of Browser Security: Attacks Employ AI to Advance Beyond Phishing and Ransomware Delivery to learn more about the evolution of today’s increasingly sophisticated threats.
