Introduction

In 2024, there was a notable increase in browser-based cyber threats, with a significant rise in incidents involving drive-by downloads and malicious advertisements [1] [2]. These developments highlight the evolving landscape of cybersecurity challenges, necessitating enhanced protective measures.

Description

Browser-based cyber threats surged in 2024, with drive-by downloads and malicious advertisements becoming increasingly prevalent [1] [2]. Malware like Lumma Stealer and NetSupport Manager RAT is being delivered through these methods [1], effectively bypassing traditional email filters and security measures [1]. The report indicates that valid credential abuse has risen significantly [1], with compromised credentials emerging as the most common initial access vector [2]. Fraud marketplaces are offering high-value credentials for as little as $10 [1] [2], facilitating easier infiltration into corporate environments [1] [2].

Key findings reveal that browser-based malware accounted for 70% of observed malware cases [1] [2], while email-based malware delivery has declined to 15% [1]. There was a 31% year-on-year increase in infostealer incidents [1] [2], and ransomware attacks are predicted to continue growing across various industries, alongside an increase in out-of-scope endpoint breaches [1] [2]. Additionally, attacks are increasingly originating from unmanaged personal devices and third-party vendor accounts [1] [2], with some compromised credentials traced back to contractor devices infected with infostealer malware [1] [2], raising supply chain security concerns [1] [2].

The report also highlights a shift in malware delivery tactics [2]: traditional phishing methods remain prevalent [2], but newer techniques such as QR code phishing and deceptive CAPTCHAs are gaining traction [2]. To combat these evolving threats [2], security teams are advised to adopt a multi-layered cybersecurity strategy that includes 24/7 threat detection, Endpoint Detection and Response (EDR) solutions [2], and phishing-resistant multi-factor authentication (MFA) [2]. Regular phishing simulations and security training are recommended to enhance employee awareness of social engineering tactics [2]. Together, these recommendations underscore the necessity for effective security investments that address the most critical initial access vectors for an organization's specific industry [3], especially in light of budget constraints and tool consolidation [3].

Conclusion

The surge in browser-based cyber threats in 2024 underscores the need for organizations to adapt their cybersecurity strategies to address these evolving challenges. By implementing comprehensive, multi-layered defenses and prioritizing employee training, companies can better protect themselves against the increasing sophistication of cyber attacks. As threats continue to evolve, ongoing vigilance and investment in security measures will be crucial to safeguarding sensitive information and maintaining operational integrity.

References

[1] https://www.infosecurity-magazine.com/news/browser-cyberthreats-surge-email/
[2] https://osintcorp.net/browser-based-cyber-threats-surge-as-email-malware-declines/
[3] https://betanews.com/2025/01/14/threat-actors-move-from-email-to-browsers/