Recent Evolution of Browser-based Cyber Threats, and What to Expect Next

In 2024, browser security faced some of the most advanced cyber threats to date. As enterprises continue to transition to and from remote work environments, relying on SaaS platforms, cloud-based applications, hybrid work setups, and BYOD policies, attackers have become hyperfocused on the browser as the connective tissue linking and supporting almost all work and personal activities.

The rise of AI-powered attacks, abusive cloud hosting services, phishing-as-a-service (PhaaS), and zero-day vulnerabilities that focus on enterprise browsers have underscored the need for a new approach to browser security. Traditional network and endpoint security tools alone are no longer enough. Menlo Security’s annual “State of Browser Security Report” reveals a significant surge in browser-based attacks, particularly those utilizing artificial intelligence (AI) and sophisticated impersonation methods. 

Key Research Findings 

The modern browser transcends its traditional role as a web access tool; it’s now a primary entry vector for advanced cyberattacks. Attackers are increasingly leveraging browser vulnerabilities to pilfer sensitive data and circumvent conventional security measures. Menlo researchers identified a dramatic 140% surge in browser-based phishing attacks year-over-year, coupled with a 130% increase in zero-hour phishing incidents specifically. 

Credential phishing continued to run rampant in 2024, largely because traditional security measures like firewalls, secure web gateways, and antivirus tools remain ineffective against these and other sophisticated techniques used by cybercriminals. In fact, six days is the average window of exposure before legacy security tools can detect threats from zero-hour phishing attacks. While many enterprises have endeavored to improve browser security, they tend to focus on security at the network or endpoint level, where tools are not equipped to combat evasive techniques like obfuscated malicious code, fileless malware and memory-only payloads. These techniques hide malicious activity within seemingly legitimate web traffic, making detection more difficult.

Cloud-network services have attempted to mitigate the growing problem of browser-based attacks, but they often introduce added complexity and significant management costs without delivering robust protection against advanced phishing tactics. Compounding these challenges is the escalating trend of attackers exploiting cloud services themselves to host malicious content, including phishing sites and ransomware. Notably, AWS and Cloudflare accounted for nearly 50% of all instances of abused cloud hosting in 2024. This concentration underscores the allure of major cloud providers as targets for malicious actors who seek to leverage their extensive infrastructure for illicit activities, highlighting a critical security gap that existing solutions are failing to adequately address.

Continuing Trends 

The data in the Menlo State of Browser Security Report is a clear indication of the current threat landscape, and what enterprises can expect in 2025 and beyond. Here are our research-based predictions for the months to come: 

1. Ransomware will continue to reign supreme. Ransomware will remain a highly prolific attack type, with cybercriminals targeting critical infrastructure to extract financial gains. We expect threat actors to increasingly use browser-based attacks to deploy ransomware, targeting sectors like healthcare, energy and transportation, and using the advanced techniques described above to bypass traditional defenses. The significant impact of ransomware attacks, such as the phishing campaign against Change Healthcare in 2024, highlights the need for organizations to prioritize browser security, adopt strong security measures and stay updated with the latest threat intelligence and business continuity protocols.

2. AI-driven deepfakes will aid in bypassing traditional security tools. The volume of AI-driven cyber fraud has not yet reached its peak – we will see this attack type continue to rise in 2025 and beyond. Scam activities such as fake AI tools posing as legitimate platforms offering premium AI services will be used to steal login credentials and personal data, or direct users to phishing forms. Exploitation of user trust through sophisticated social engineering techniques will be key to targeting social media platforms and search engines.

3. The cyber gap between small and large businesses will continue, leaving smaller businesses more vulnerable to attack. Larger enterprises are among the first to begin incorporating browser security strategies and security tooling that incorporates AI, shoring up defenses that otherwise leave too much room for human error. On the other hand, we will see a larger proportion of small businesses continue to be affected by ransomware and other browser-based threats due to fewer resources, a lack of dynamic security controls in the browser, and their inability to effectively monitor user behavior. Organizations will also start to leverage AI to level out their Security Operations Centers (SOCs), so that they don’t need as many resources to run them. Regardless of size, browser security is no longer optional but a fundamental survival strategy requiring proactive protection and preventative security.

4. Threats to edge and IoT devices will rise. Edge and Internet of Things (IoT) devices are becoming prime targets for cybercriminals, particularly due to their often-limited security measures and widespread use in both personal and corporate settings. From smart cameras and wearables to home assistants, there will be more zero-day vulnerabilities exploited in the wild, with threat actors identifying and exploiting these weaknesses to gain control of these devices and use them for DDoS attacks and other malicious activities.

5. Left unsecured, remote and hybrid environments will exacerbate insider threats. In the months to come, insider threats will increasingly originate from well-intentioned users who fall victim to sophisticated targeted attacks, exacerbated by remote and hybrid work environments. New tools and technologies will emerge to assist users in avoiding these risks, removing the burden of identifying and mitigating potential risks on their own. These tools will be able to detect malicious activity and perform far above the capacity of manual human analysis.

Browser security will remain a critical area of focus for both security teams and end users, affecting both equally. The cyber threat landscape is shifting quickly, driven by advancements in technology such as AI and also changes in how and where people work. Cybercriminals are constantly refining their attack tactics – organizations must be doing the same on the defensive side, looking to implement robust security measures, prioritizing browser safety, and leveraging innovative tools to detect and thwart threats.  
