A recent Menlo Security report identifies several key drivers behind the sharp rise in browser-based attacks, including AI-powered attacks, phishing-as-a-service (PhaaS) and zero-day vulnerabilities. The research reveals that a surge in generative AI-based threats has spurred a 140% increase in browser-based phishing attacks compared to 2023, and a 130% increase specifically in zero-hour phishing attacks.

Microsoft, Facebook, and Netflix were the brands most commonly impersonated in browser-based phishing attempts. Generative AI services are also increasingly impersonated – in 2024, researchers identified nearly 600 incidents of GenAI fraud, in which imposter sites used GenAI platform names to manipulate and exploit unsuspecting victims.

Key findings from the State of Browser Security Report include:

• Cybercriminals created nearly 1M new phishing sites each month, which represents a 700% increase since 2020.
• Nearly 51% of browser-based phishing attempts involved some form of brand impersonation.
• 75% of phishing links are hosted on good, trusted websites, with up to six days as the average window of exposure before legacy security tools begin blocking pages from zero-hour phishing attacks.
• Phishing attacks hosted on subdomain providers increased by 51%, representing 24% of all phishing attacks.
• Four of the top five hosting providers used by bad actors to host phishing attacks were based in the U.S., potentially reflecting the country's economic and political significance, increased digital transformation and remote work, and the growing reliance on U.S.-based cloud services and SaaS platforms housing critical data and financial information.
• Instances of attackers exploiting cloud services to host malicious content including phishing sites and ransomware is on the rise. AWS and CloudFlare accounted for nearly 50% of all instances of abused cloud hosting instances in 2024.

Read the report.