The threat situation in the digital space is becoming increasingly complex and sophisticated. According to a recent study, in the second half of 2023 there was a 198 percent increase in browser-based phishing attacks and a 206 percent increase in evasive attacks.
During the same period, over 31.000 specially designed threats were identified that were designed to evade detection by security solutions. The most common attack techniques are phishing, social engineering, smishing and deepfakes. These tactics aim to exploit human susceptibility to manipulation, which then allows cybercriminals to gain access to sensitive data.
This development is particularly concerning because, unlike traditional phishing attacks, browser-based attacks require a new level of trust and caution. While emails often have to meet certain expectations in terms of sender, content and format, with a browser a convincing-looking website with a suitable URL or the use of an exploit is often enough to deceive victims and launch an attack.
The use of evasion techniques such as Legacy URL Reputation Evasion (LURE) is also an example of the sophistication and variety of attack strategies. This tactic involves taking URLs from trusted websites or keeping your own domains inactive for extended periods of time in order to establish a form of confidentiality and create a false sense of security among victims.
Protection against browser-based threats
The enormous scale of browser-based attacks illustrates the threat situation and shows the need for effective defensive measures. Particularly alarming is the increasing use of browser-based phishing attacks that leave no recognizable signatures or digital traces. This characteristic causes many common security programs to be unable to identify the obfuscated attacks.
Given the seriousness of the threat situation and the fact that conventional security solutions quickly reach their limits, there is a need to cultivate increased awareness of such dangers among users. Security awareness training can be used to educate employees about the different types of attacks. In this way, they learn sustainable strategies for recognizing and reporting suspicious activities. This, in turn, strengthens an organization's security culture and supports companies in the fight against increasingly advanced cyber threats.
More at KnowBe4.com
About KnowBe4 KnowBe4, provider of the world's largest platform for security awareness training and simulated phishing, is used by more than 60.000 companies around the world. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness of ransomware, CEO fraud and other social engineering tactics through a new approach to security education. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped develop the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as the last line of defense.