In the second half of 2023, there was a significant increase in browser-based phishing attacks, rising by 198% compared to the first half of the year. This escalation highlights a growing trend of sophisticated and evasive tactics used by cybercriminals. Particularly concerning are attacks classified as Highly Evasive Adaptive Threats (HEAT), which saw a 206% increase.
These evasive attacks, which now constitute 30% of all browser-based phishing incidents, employ various techniques to bypass traditional security measures. They include tactics such as SMS phishing (smishing), Adversary in the Middle (AITM) frameworks, image-based phishing, brand impersonation, and methods to bypass Multi-Factor Authentication (MFA).
The research, conducted by Menlo Security, also revealed that a significant portion of these attacks originate from websites that are typically categorized as trustworthy. This makes them more challenging to detect with standard security tools. Over a 30-day period, the Menlo Labs Threat Research team observed over 11,000 zero-hour phishing attacks that showed no identifiable signature or digital breadcrumb, indicating a critical gap in the effectiveness of existing Secure Web Gateway (SWG) or endpoint tools in detecting such attacks.
Moreover, Legacy Reputation URL Evasion (LURE) attacks have also increased, characterized by methods where threat actors evade web filters by using domains that are generally trusted or categorized as safe. It was found that more than 73% of LURE attacks originated from such categorized websites.
In response to these evolving threats, security experts recommend a more targeted approach to browser security, leveraging AI-based strategies like object detection, URL risk assessment, and web page element analysis to combat these sophisticated cyber threats. This proactive and advanced approach is necessary to adapt to the rapidly evolving tactics of modern cybercriminals and to protect against these increasingly common and sophisticated browser-based phishing attacks.