North America Today
SEE OTHER BRANDS
North America Today

The top news stories from the United States

Submit Press Release

New WatchGuard Research Reveals 171% Increase in Total Unique Malware as Attackers Defy Traditional Defenses

Other key findings show an increase in email-borne malware threats, a rise in unique and evasive endpoint threats, and a decline in ransomware—shifts shaped by the AI boom.

SEATTLE, July 08, 2025 (GLOBE NEWSWIRE) -- WatchGuard® Technologies, a global leader in unified cybersecurity for managed service providers (MSPs), today released the findings of its latest Internet Security Report, a quarterly analysis detailing the top malware, network, and endpoint security threats observed by the WatchGuard Threat Lab researchers during the first quarter of 2025.  

The report’s key findings reveal a 171% (quarter-over-quarter) increase in total unique malware detections, the highest the Threat Lab has recorded. Pair this with a significant increase in “zero day malware,” and this signals a sharp rise in evasive threats designed to bypass signature-based detection—that is, traditional security systems that rely on patterns to detect threats. Notably, proactive machine learning (ML) detection offered by IntelligentAV (IAV) surged 323%, highlighting its critical role in detecting advanced malware. Gateway AntiVirus (GAV) hits increased by 30%, and Transport Layer Security (TLS) malware increased by 11 points, underscoring encrypted channels as a primary attack vector. The dramatic surge in IAV and heightened TLS malware emphasizes attackers’ reliance on obfuscation and encryption, challenging conventional defenses. The findings stress the need for enhanced visibility and adaptive security to combat these sophisticated, concealed threats at scale. 

The Threat Lab also observed a 712% increase in new malware threats on endpoints. To underscore the severity of this figure, new malware threats have seen a consistent decline over the past three quarters. The top malware threat on the endpoint was LSASS dumper, a credential stealer used for tasks such as logging onto systems, managing passwords, and creating access tokens. Attackers exploit LSASS to access system components by bypassing user mode and performing direct kernel-mode instructions.   

“The latest findings in the Q1 2025 Internet Security Report seem to support a larger cybersecurity industry trend: the AI war is here. Attackers are increasingly relying on social engineering and phishing techniques supercharged by AI tools,” said Corey Nachreiner, chief security officer, WatchGuard Technologies. “Attackers now have the capabilities to launch highly targeted campaigns at scale using automated pipelines, emphasizing the need for organizations to adopt robust, precise, and powerful security measures to stay ahead of the advancements in AI and the evolving cyber risks.” 

Additional key findings from WatchGuard’s Q1 2025 Internet Security Report include:  

  • Ransomware declined 85% from the previous quarter, although the second most detected malware threat was a ransomware payload: Termite ransomware. This supports the industry trend of a decrease in crypto ransomware, the malware that encrypts files. Attackers are now shifting toward data theft instead of encryption, as improvements in data backups and recovery have been made. 
  • Scripts, files derived from or using a scripting programming language, are down by about half this quarter, the lowest they’ve ever been. Historically, the Threat Lab has observed scripts as the number one attack vector for malware detection on endpoints. Other Living off The Land (LoTL) techniques, such as Windows, saw the highest increase from quarter to quarter at 18%, filling the gap left by scripts. 
  • The top malware detected over encrypted connections was Trojan.Agent.FZPI, a new malicious HTML file that merges legitimate-looking files with encrypted communication. This threat combines several techniques that threat actors have employed over the last few years into one super phishing attachment. Organizations must implement robust TLS inspection, behavioral analysis, and endpoint protection to detect and neutralize this threat. 
  • In Q1 2025, the most widespread malware was Application.Cashback.B.0835E4A4, a newly identified threat and among the most prevalent malware families ever recorded, with the highest impact in Chile at 76% and Ireland in second at 65%. The prevalence of Application.Cashback variants signal the need for region-specific defenses to address these sophisticated threats. 
  • The unique number of network signatures triggered, or known attacks detected on networks, decreased by 16% from last quarter as attackers focused on a narrower set of exploits. The network attack landscape highlights that while new exploits do emerge, attackers continue to heavily exploit unpatched legacy vulnerabilities at scale, forcing organizations to address both fronts simultaneously. 
  • Malware threats are continuing to emerge via email rather than the web, suggesting that threat actors are targeting users with traditional phishing techniques, as AI makes it easier to compose believable spear phishing messages. However, AI and machine learning-based tools are detecting significantly more threats at the network and endpoint perimeter in Q1 2025. 

Consistent with WatchGuard’s Unified Security Platform® approach and the WatchGuard Threat Lab’s previous quarterly research updates, the data analyzed in this quarterly report is based on anonymized, aggregated threat intelligence from active WatchGuard network and endpoint products whose owners have opted to share in direct support of WatchGuard’s research efforts. 

For a more in-depth view of WatchGuard’s research, download the complete Q1 2025 Internet Security Report.  

About WatchGuard Technologies 

WatchGuard® Technologies, Inc. is a global leader in unified cybersecurity. Our Unified Security Platform® is uniquely designed for managed service providers to deliver world-class security that increases their business scale and velocity while also improving operational efficiency. Trusted by more than 17,000 security resellers and service providers to protect more than 250,000 customers, the company’s award-winning products and services span network security and intelligence, advanced endpoint protection, multi-factor authentication, and secure Wi-Fi. Together, they offer five critical elements of a security platform: comprehensive security, shared knowledge, clarity & control, operational alignment, and automation. The company is headquartered in Seattle, Washington, with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit WatchGuard.com

For additional information, promotions, and updates, follow WatchGuard on Instagram, X.com (@WatchGuard), Facebook, or LinkedIn. Stay tuned to the WatchGuard corporate blog for all the latest company updates and awards, industry news and trends, and more. Also, visit our InfoSec blog, Secplicity, for real-time information about the latest threats and how to cope with them. Subscribe to The 443 – Security Simplified podcast wherever you find your favorite podcasts.  

WatchGuard is a registered trademark of WatchGuard Technologies, Inc. All other marks are property of their respective owners.


Tracy Hillstrom
WatchGuard Technologies, Inc 
Tracy.Hillstrom@watchguard.com

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.

Share us

on your social networks:
Facebook Facebook LinkedIn LinkedIn
AGPs

Get the latest news on this topic.

SIGN UP FOR FREE TODAY

No Thanks

By signing to this email alert, you
agree to our Terms of Service