Press Release Cyber Safety Governance & Compliance Threat Detection & Defense

What We Saw in Web Security in 2024 and What We Can Do About It

CSA Editorial January 15, 2025

3 minutes read

The rise of AI-powered attacks, Ransomware-as-a-Service (RaaS) and Zero-day vulnerabilities that focused on the web has made it clear that a new approach to browser security is needed. Traditional endpoint, SaaS or email security solution alone – are no longer enough. In response, advanced browser security solutions and browser isolation technologies became must-haves for businesses aiming to secure their digital workplaces. (CIO Influence).

AI-Powered Phishing and RaaS: The Shifts That Defined 2024

What made AI-driven attacks so alarming in 2024 was the sheer sophistication of phishing and social engineering tactics. Cybercriminals used Generative AI to craft phishing attempts that were nearly indistinguishable from legitimate communication. With 89% of browser-based threats coming from phishing (GlobeNewswire), attackers targeted individuals and businesses with frightening accuracy, easily bypassing traditional filters.

The rise of RaaS in 2024 pushed the threat of ransomware to new heights. In the first half of 2024, the average extortion demand per ransomware attack was over US$5.2M. That number includes the record victim payment of US$75 million to Dark Angels gang (trmlabs, Forbes). It’s not just payments that have accelerated: attacks have grown more complex with new ransomware strains, advanced techniques, and the rapid expansion of RaaS. Healthcare and government sectors were hit hardest with two-thirds (67%) impacted by ransomware this year, averaged in US$2.57M (Sophos).

The Ever-Present Danger of Zero-Day Vulnerabilities

In 2024, zero-day vulnerabilities surged in browsers like Chrome and Edge, revealing the increasingly sophisticated tactics attackers use to exploit unpatched systems. Chrome, in particular, faced multiple high-severity exploits, including CVE-2024-7971, a flaw in its V8 JavaScript engine that enabled hackers to remotely execute malicious code, accessing corporate systems and sensitive data before patches were deployed. The impact was significant, with organisations relying heavily on web platforms experiencing operational downtime, data breaches, and costly recoveries. It serves as a reminder of the importance of having strong protection measures in place before these vulnerabilities are exploited. (truefort).

Generative AI: The Double-Edged Sword

GenAI platforms like ChatGPT, Midjourney, and others have revolutionised the workplace, but 2024 has also showed just how risky they can be when it comes to handling sensitive information. A recent report revealed that nearly 40% of employees admitted to sharing confidential business data with AI tools, often without realising the risks involved (cybsafe). The ChatGPT security breach earlier in the year, exposed over 225,000 sets of credentials through malware attacks. In another incident, Samsung employees accidently leaked source code, internal meeting notes, and hardware data across three separate occasions within a month (wald). These events are a wake-up call for an urgent need for proper security protocols when integrating AI into business workflows.

Browser Security Takes Centre Stage

As attacks have shifted to the browser, browser security solutions are no longer optional. A 24% increase in attacks per employee in the first half of 2024 alone has driven companies to adopt more advanced browser security technologies and browser isolation (Perception Point). While isolation can effectively contain malware by separating risky sessions, it often slows down performance, compromises privacy, and falls short in preventing data loss or credential theft. Similarly, enterprise browsers offer some protection, but they don’t fully address all threats and frequently face low adoption as employees find their restrictive features impractical for daily use.

Looking Ahead to 2025: What to Expect

As we move into 2025, the cyber threat landscape will grow more sophisticated, with AI-powered threats continuing to dominate. Deepfake technology will become an even more prevalent tool for social engineering, making phishing attacks and impersonations increasingly difficult to detect. Quantum computing, though still emerging, could disrupt current encryption standards, prompting businesses to prepare with post-quantum cryptography. The browser, now a primary gateway for work and data, will remain a critical battleground, driving advancements in browser security as organisations recognise the need to protect this vital access point.

To combat these escalating threats, organisations must adopt proactive defences, strengthen governance, implement zero-trust frameworks, and invest in AI-driven threat detection to stay ahead in an evolving digital landscape.