Menlo Security report finds 130% increase in zero-hour phishing attacks and nearly 600 incidents of generative AI fraud

Menlo Security reported a 130% increase in zero-hour phishing attacks amid rising AI-driven cyber threats in its annual State of Browser Security Report. The analysis, which reviewed over 752,000 phishing incidents, attributed the increase to the growing sophistication of browser-based attacks and the use of phishing-as-a-service (PhaaS) tools by threat actors. The report noted that generative AI-based threats contributed to a 140% rise in browser-based phishing incidents compared to the previous year. Brands such as Microsoft, Facebook, and Netflix were among those most frequently impersonated. Menlo Security recorded nearly 600 cases of Generative AI (GenAI) fraud, where attackers misled users with fake platforms that solicited sensitive personal information. Andrew Harding, VP of Security Strategy at Menlo Security, highlighted that many impersonation attacks aimed at harvesting personal data rather than credentials. He cited instances where attackers offered to create personalized documents, embedding malware in the returned files. The findings emphasized that the widespread use of web browsers and their frequent vulnerabilities have prompted a shift towards advanced browser-based attack methodologies. The report also specified that nearly one million new phishing sites emerged monthly, representing a 700% increase since 2020. Additionally, 75% of phishing links were hosted on trustworthy sites, suggesting a significant evasion capacity against legacy security measures. These trends indicate an evolving threat landscape that enterprises must address by prioritizing browser security to defend against increasingly sophisticated attacks.