Threat analysis published this week by WatchGuard points to a 171% rise in unique malware detections – the steepest increase recorded by the firm to date, underscoring a shift toward evasive tactics that are bypassing conventional security systems.
The Q1 2025 data shows a surge in zero-day malware, while machine learning-led malware detection increased more than threefold, and malware over encrypted traffic rose by 11 percentage points.
The researchers noted a 712% jump in new malware threats at the endpoint, reversing a three-quarter decline. The most common endpoint threat was LSASS dumper, a credential-stealing tool that exploits low-level access to systems.
“The latest findings in the Q1 2025 Internet Security Report seem to support a larger cyber security industry trend: the AI war is here. Attackers are increasingly relying on social engineering and phishing techniques supercharged by AI tools,” said Corey Nachreiner, chief security officer, WatchGuard Technologies. “Attackers now have the capabilities to launch highly targeted campaigns at scale using automated pipelines, emphasising the need for organisations to adopt robust, precise and powerful security measures to stay ahead of the advancements in AI and the evolving cyber risks.”
The report also found that ransomware incidents had dropped 85% quarter-on-quarter, but pointed to a growing trend of attackers favouring data theft over file encryption. Termite ransomware remained one of the most common payloads.
The top malware detected over encrypted channels was a new HTML-based trojan combining multiple obfuscation techniques. It underlined the continued use of phishing attachments and the importance of encrypted traffic inspection and endpoint defence.