Browser-based phishing spikes

Threat actors deployed 550,000 browser-based phishing attacks in 2023, with the number of intrusions rising by 198% between the first and second half of the year, reports SiliconAngle. Thirty percent of all browser-based phishing attacks were able to bypass traditional security controls, according to a report from Menlo Security. Intrusions that involved legacy reputation URL evasion also increased by 70% from 2022, with over 73% of such attacks stemming from categorized domains. Meanwhile, over 11,000 zero-hour phishing attacks were discovered to be undetectable by endpoint tools and secure web gateways during a 30-day period. "While existing network and endpoint solutions offer partial protection, these tools ultimately rely on block lists and indicators-of-compromise feeds, containing previously convicted phishing URLs, to protect against unknown or never before seen phishing attacks. However, traditional solutions fall short because they lack visibility into browsers and dynamic web content and don't provide the complete picture," said Menlo Security Senior Manager of Cybersecurity Strategy Neko Papez.