State of Browser Security Report

There is up to six days as the average window of exposure before legacy security tools begin blocking pages from zero-hour phishing attacks.

AWS and CloudFlare accounted for nearly 50% of all instances of abused cloud hosting instances in 2024.

Menlo Security identified nearly 600 incidents of GenAI fraud in 2024.

There has been a 130% increase in zero-hour phishing attacks in 2024.

Nearly 51% of browser-based phishing attempts involved some form of brand impersonation in 2024.

Cybercriminals created nearly 1 million new phishing sites each month in 2024. This represents a 700% increase since 2020.

75% of phishing links are hosted on good, trusted websites.

Four of the top five hosting providers used by bad actors to host phishing attacks were based in the U.S. in 2024.

Phishing attacks hosted on subdomain providers increased by 51% in 2024, representing 24% of all phishing attacks.

There has been a 140% increase in browser-based phishing attacks in 2024 compared to 2023.

One in five attacks in 2024 displayed some form of evasive technique designed to evade traditional network and endpoint-based security controls

Cybercriminals created nearly 1 million new phishing sites each month in 2024. This represents a 700% increase since 2020.