A surge in browser-based phishing attacks has been recorded over the past year, with 752,000 incidents identified between 2023 and 2024, marking a 140% increase Year over Year (YoY). The rise of artificial intelligence (AI)- driven phishing techniques and the exploitation of enterprise browsers have contributed to this trend. According to a new report by Menlo Security, cybercriminals are increasingly focusing on browsers as their primary attack vector, leveraging sophisticated evasion techniques, social engineering,, and zero-day vulnerabilities to bypass traditional security measures. [1]
The report identified more than 170,000 zero-hour phishing attacks in the last 12 months, reflecting a 130% increase from 2023. Additionally, one in five attacks leveraged evasion techniques to bypass security controls. “Malicious actors are quick to develop new techniques to evade detection and [...] increase the number of browser-based phishing attacks,” said Thomas Richards, principal consultant at Black Duck.
See: https://redskyalliance.org/xindustry/greatness-in-phishing
The report also highlights a sharp rise in credential phishing campaigns, which often masquerade as trusted enterprise applications or use deceptive branding to lure victims into providing sensitive information. Phishers exploit the high public interest in GenAI by imitating popular AI platforms, banking on user curiosity and trust in cutting-edge technology,” explained Jason Soroko, a senior fellow at Sectigo.
The report outlines several notable trends related to these attacks:
• Brand impersonation was used in 51% of browser-based phishing attacks.
• GenAI names were used to deceive users in nearly 600 phishing incidents.
• Exploitation of zero-day targeting vulnerabilities in popular browsers like Chrome and Edge.
• Abuse of Cloudflare services for phishing increased by 104% in 2024.
• Adoption of Phishing-as-a-Service (PhaaS), facilitating large-scale attacks.
“The threat landscape will continue to intensify significantly with faster, more sophisticated attacks leveraging both new and reinvented techniques,” said Stephen Kowski, field CTO at SlashNext. “Attackers will continue exploiting trusted platforms and using GenAI to create more convincing phishing campaigns at an unprecedented scale.”
Despite increased investment in cybersecurity, traditional defenses such as firewalls and secure web gateways are proving inadequate against these evolving threats. Attackers are refining their methods, deploying evasive techniques that evade detection, including fileless malware and memory-only payloads. “Organizations are making risky trade-offs by relying on basic security tools and default email protection instead of investing in comprehensive security solutions,” Kowski added.
To combat these threats, organizations must adopt proactive security measures. Secure cloud browsing solutions can isolate user activity from enterprise networks to prevent malicious content from compromising systems. Meanwhile, AI-enhanced threat detection tools can help identify and neutralize sophisticated phishing campaigns before they cause damage. “Organizations must adopt real-time, AI-driven mobile security to detect and block phishing before users are compromised,” said Krishna Vishnubhotla, vice president of product strategy at Zimperium. “Relying on outdated defenses is no longer enough; security must evolve as fast as the threats.”
This article is shared at no charge and is for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com
• Reporting: https://www.redskyalliance.org/
• Website: https://www.redskyalliance.com/
• LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122
[1] https://www.infosecurity-magazine.com/news/752000-browser-phishing-attacks/
© 2025 Red Sky Alliance Corporation. All rights reserved.
Comments