Full Report
A surge in browser-based phishing attacks has been recorded over the past year, with a 140% increase compared to 2023, according to Menlo Security.
Analysis Summary
# Incident Report: Surge in Browser Phishing Attacks (2023-2024)
## Executive Summary
A significant surge in browser-based phishing attacks was observed between 2023 and 2024, totaling 752,000 incidents, a 140% year-over-year increase. The report attributes the rise to phishing campaigns that trade on generative-AI themes and to attackers' growing focus on the enterprise browser as the point of initial access. The impact is primarily credential theft; roughly one in five attacks also used evasion techniques that bypass traditional security controls.
## Incident Details
- **Discovery Date:** The report summarizing the 2023-2024 period was published on March 19, 2025.
- **Incident Date:** Ongoing analysis covering the period between 2023 and 2024.
- **Affected Organization:** Various organizations targeted by widespread phishing campaigns.
- **Sector:** General corporate/enterprise environment (implied by focus on enterprise browsers).
- **Geography:** Not specified; the campaigns are global in scope.
## Timeline of Events
### Initial Access
- **Date/Time:** Throughout 2023 to 2024.
- **Vector:** Browser-based phishing utilizing sophisticated evasion techniques and social engineering.
- **Details:** Attackers relied heavily on zero-hour phishing sites (pages that are live before URL-reputation and threat-intelligence feeds have categorised them); more than 170,000 such attacks were identified in the 12 months covered.
### Lateral Movement
- Not detailed; the summary covers initial access and detection rates, not post-compromise activity.
### Data Exfiltration/Impact
- **Impact:** Credential phishing campaigns targeting sensitive information, often impersonating trusted enterprise applications or using deceptive branding.
### Detection & Response
- **How it was discovered:** Analysis conducted by Menlo Security, resulting in a published report.
- **Response actions taken:** The report documents the *detection* of the trend; the remediation steps taken by individual targeted organizations are not described.
## Attack Methodology
- **Initial Access:** Browser-based phishing using zero-hour phishing sites and evasion techniques. No software vulnerability is exploited: the user is deceived into authenticating to a spoofed login page rendered in the browser.
- **Persistence:** Not detailed.
- **Privilege Escalation:** Not detailed.
- **Defense Evasion:** Roughly one in five attacks used evasion techniques designed to bypass traditional security controls.
- **Credential Access:** Credential phishing campaigns were prevalent, often disguised as legitimate enterprise services.
- **Discovery:** Not detailed.
- **Lateral Movement:** Not detailed.
- **Collection:** Targeting sensitive information via deceptive landing pages.
- **Exfiltration:** Not detailed.
- **Impact:** User compromise leading to credential theft.
## Impact Assessment
- **Financial:** Not specified.
- **Data Breach:** Compromise of sensitive information via credential theft campaigns.
- **Operational:** Potential disruption due to compromised accounts and the necessity to reset enterprise credentials.
- **Reputational:** Not specified in the summary; organizations whose brands or login pages were impersonated (51% of attacks involved brand impersonation) carry reputational exposure even when their own systems were not compromised.
## Indicators of Compromise
(Note: the summary reports high-level trends and provides no specific IoCs.)
- **Network indicators - defanged:** N/A
- **File indicators:** N/A
- **Behavioral indicators:** Submission of credentials (a password field in a browser form POST) to a login portal that is not an approved identity provider, or whose domain impersonates one.
## Response Actions
- **Containment measures:** Not detailed in the summary; in practice, containment means blocking newly identified phishing domains/URLs at the browser or proxy layer.
- **Eradication steps:** Not detailed in the summary; standard eradication after credential theft is resetting the stolen passwords, revoking active sessions for the affected accounts, and confirming that MFA is enforced on them.
- **Recovery actions:** User re-training on recognising the phishing methods seen in these campaigns.
## Lessons Learned
- **Key takeaways:** Browsers are an increasingly prioritized and effective attack vector, showing a 140% YoY increase in incidents.
- **What could have been done better:** Reliance on traditional controls left organizations exposed; zero-hour sites and evasion techniques are built specifically to slip past reputation-based blocking, so the browser itself needs to be a point of inspection.
## Recommendations
- **Prevention measures for similar incidents:**
1. Deploy browser-layer security controls that inspect page content and behaviour as it renders, so zero-hour phishing sites are caught before URL-reputation feeds have classified them.
2. Enhance user training to specifically target sophisticated social engineering tactics, including lures built around GenAI themes and brand impersonation (brand impersonation was noted in 51% of attacks).
3. Enforce MFA across all enterprise applications to limit the value of stolen passwords, and prefer phishing-resistant methods (FIDO2/WebAuthn passkeys) where possible: one-time codes and push approvals entered on a spoofed login page can be relayed to the real service by the same in-browser attack.
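The behavioural indicator listed under Indicators of Compromise (a password submitted to a login portal that is not an approved identity provider) and the brand-impersonation point in recommendation 2 can both be checked mechanically from browser or proxy form-submission telemetry. The script below is an added example written for this page, not code from Menlo Security or from the report; the log line format, the allowlist of approved login hosts, the brand token list and the sample lines are all constructed for illustration.

```python
"""Flag browser form submissions that post a password to an unapproved login
host and score whether that host impersonates an enterprise brand.

Added example for this page, not code from Menlo Security or the report.
The telemetry format, APPROVED_LOGIN_HOSTS, BRAND_TOKENS and SAMPLE_LOG are
all constructed assumptions for illustration.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# Assumed allowlist of the tenant's legitimate login hosts (hypothetical).
APPROVED_LOGIN_HOSTS = {
    "login.microsoftonline.com",
    "accounts.google.com",
    "sso.example-corp.com",
}
# Brand strings whose presence in an unapproved host suggests impersonation.
BRAND_TOKENS = ("microsoft", "office365", "okta", "google", "example-corp")

# Constructed telemetry line: "<timestamp> <user> <method> <url> fields=<csv>"
LOG_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+) fields=(\S*)$")

# Constructed sample lines; only bob, carol and erin should produce alerts.
SAMPLE_LOG = [
    "2024-06-03T09:12:01Z alice POST https://login.microsoftonline.com/common/oauth2 fields=username,password",
    "2024-06-03T09:14:22Z bob POST https://login.micros0ft-online.com/auth fields=login,password",
    "2024-06-03T09:20:45Z carol POST https://office365-verify.example-docs.net/login fields=email,password",
    "2024-06-03T09:25:10Z dave GET https://intranet.example-corp.com/portal fields=",
    "2024-06-03T09:31:57Z erin POST https://cdn.filesharehost.io/s/abc fields=email,password",
]


@dataclass
class Alert:
    ts: str
    user: str
    host: str
    reason: str


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches typosquats of approved hosts."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Crude registrable domain: the last two labels. Wrong for .co.uk etc."""
    return ".".join(host.lower().split(".")[-2:])


def impersonation_reason(host: str) -> Optional[str]:
    """Why an unapproved host looks like a brand impersonation, or None."""
    h = host.lower()
    for token in BRAND_TOKENS:
        if token in h:
            return f"brand token '{token}' in unapproved host"
    for approved in sorted(APPROVED_LOGIN_HOSTS):
        if edit_distance(registrable(h), registrable(approved)) <= 2:
            return f"lookalike of {approved}"
    return None


def analyse(lines) -> List[Alert]:
    """Return one Alert per password POST that did not go to an approved host."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed telemetry is ignored, not alerted on
        ts, user, method, url, fields = m.groups()
        if method != "POST" or "password" not in fields.split(","):
            continue
        host = urlsplit(url).hostname or ""
        if host in APPROVED_LOGIN_HOSTS:
            continue
        reason = impersonation_reason(host) or "password posted to unapproved host"
        alerts.append(Alert(ts, user, host, reason))
    return alerts


if __name__ == "__main__":
    for a in analyse(SAMPLE_LOG):
        print(f"{a.ts} {a.user} -> {a.host}: {a.reason}")
```

Run it directly to print the alerts for the sample lines. The `registrable` helper keeps only the last two labels, which is wrong for suffixes such as `.co.uk`; a real deployment would use the Public Suffix List and a curated allowlist of the tenant's identity providers rather than the three hosts assumed here, and would feed alerts into the same workflow that blocks the domain and resets the affected credentials.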