Threat actors move from email to browsers
New research from the eSentire Threat Response Unit (TRU) shows a shift towards browser-based threats last year as more traditional email malware declines.
Moving onto 2025 the report predicts an increase in politically motivated cyberattacks, with adversaries disrupting the physical infrastructure of the Internet to disrupt internet access. It also expects we’ll see continued growth in ransomware attacks against all industries, abuse of certificate authority, and further increase in browser-based threats to deploy malware.
The use of valid credentials as an initial access route dominated in 2024. Compromised credentials are then used to access network resources and further the attacker's objectives. This isn't a shock given how widely available user credentials are across the dark web, with high-value credentials for network access often on sale for as little as $10.
The report also notes the rise of Phishing-as-a-Service (PhaaS) operations. These arm low-skilled threat actors with advanced capabilities and a phishing kit to launch attacks. Often, these kits include email templates, fake website templates, lists of potential targets, detailed instructions, and even customer support.
TRU has observed a 31 percent increase year-on-year in the number of infostealers, largely due to the popularity of the Lumma Stealer malware. There has been an increase in distinct infostealers used too, with 35 detected in 2024 vs. 26 in 2023.
Blind spots due to a lack of monitoring on devices continue to be a problem for organizations and security defenders alike. You can't protect unseen systems and adversaries continue to exploit these blind spots by bringing their own systems onto a network using VPN or by exploiting out-of-scope endpoints such as personal devices.
The report concludes, "Given that many security teams continue to face budget constraints and are asked to consolidate their tools, it becomes imperative to prioritize the right security investments that will address the most impactful initial access vectors relevant to their specific industry."
You can find out more along with recommendations for staying secure on the eSentire site.
Image credit: denisismagilov/depositphotos.com