Browser-based cyber-threats have surged throughout 2024, marking a significant shift in the tactics employed by malicious actors.

According to new findings from the 2024 Threat Data Trends report by the eSentire Threat Response Unit (TRU), while malware delivered via email declined last year, browser-sourced threats, including drive-by downloads and malicious advertisements, rose sharply.

These techniques are being increasingly used to deliver malware, such as Lumma Stealer and NetSupport Manager RAT, with attackers favoring them due to their ability to bypass traditional email filters and security controls.

Valid credential abuse also saw a significant uptick, with compromised credentials becoming the most common initial access vector. Fraud marketplaces were found offering high-value credentials for as little as $10, making it easier for cybercriminals to infiltrate corporate environments.