The Rising Threat of Browser-based Phishing Attacks

The 2023 state of browse Security Report by Menlo Security Inc., has shed light on a concerning trend - a staggering 198% increase in browser-based phishing attacks during the second half of 2023 compared to the first half. Even more alarming is the 206% surge in evasive threats, which now make up 30% of all browser-based phishing attacks. These evasive tactics include SMS phishing (smishing), adversary in the middle (AITM) frameworks, image-based phishing, brand impersonation, and Multi-Factor Authentication (MFA) bypass. It's clear that organizations must take immediate action to protect their users from this growing menace. 

Uncovering the Threat Landscape 

Over the past 12 months, more than 550,000 browser-based phishing attacks have been detected, posing a significant risk to individuals and businesses alike. Of particular concern is the rising prevalence of Legacy Reputation URL Evasion (LURE) attacks, which have seen a startling 70% increase since 2022. LURE attacks employ sophisticated techniques to deceive web filters that classify domains based on trustworthiness. What's even more troubling is that 73% of LURE attacks originate from categorized websites. This implies that traditional security tools are lagging in identifying and mitigating these threats effectively. 

One key takeaway from the Menlo Security report is the significant latency between the appearance of a zero-hour phishing attack and its detection by traditional security tools. On average, it takes six days for such attacks to be added to these mechanisms, leaving users and organizations vulnerable for an extended period. This highlights the dire need for a proactive and robust security solution that can stay ahead of evolving phishing techniques. 

Adopting Passkeys for Enhanced Security 

To combat the rising tide of evasive phishing attacks, organizations are turning to innovative solutions such as passkeys. Passkeys enhances security during authentication, making it significantly tougher for threat actors to compromise user credentials. By leveraging passkeys, businesses and individuals can protect themselves from brand impersonation, MFA bypass attempts, and other sophisticated phishing tactics. Protecting your systems and users from evasive phishing attacks should be a top priority. By adopting passkeys, you can fortify your organization's defenses and provide enhanced security for your users. Visit IDmelon today to explore how passkeys can revolutionize your authentication process and schedule a demo to experience the power of enhanced security firsthand. 

Sources: 

https://www.securitymagazine.com/articles/100343-browser-based-phishing-attacks-increased-198-in-h2-2023 

https://resources.menlosecurity.com/all-content/state-of-browser-security-defending-browsers-against-zero-hour-phishing-attacks