WatchGuard Report: Malware Explodes Across Network and Endpoints

In WatchGuard’s just-released Q1 2025 Internet Security Report, one thing is clear: attackers are getting faster, stealthier, and more sophisticated, powered by an underground boom in AI tools. The numbers speak for themselves:

  • Network Malware Nearly Doubles: Network-based malware detections surged 171% quarter-over-quarter, driven largely by a 323% increase in machine learning-powered detection from IntelligentAV. This shows that traditional defenses are falling short, while AI-based tools are becoming mission-critical.
  • Endpoint Malware Is Getting Smarter, Not Louder: While total endpoint malware volume dropped, new unique variants skyrocketed by 712% ‒ proof that attackers are focusing on stealthy, evasive malware like trojans, info stealers, and coinminers that bypass conventional detection methods.
  • Encryption Is the New Weapon of Choice: A massive 71% of all malware now arrives over encrypted (TLS) connections, making deep packet inspection and behavioral analysis essential for threat visibility.
  • AI Fuels Threat Actor Innovation: The rapid growth of underground AI tools appears to be accelerating threat development, allowing cybercriminals to launch sophisticated malware campaigns at scale.
  • Zero-Day Malware Now Dominates: Nearly three-quarters of all malware detections evaded signature-based defenses, and 87% of encrypted malware was classified as zero-day ‒ highlighting the critical need for proactive detection technologies.
  • Ransomware Declines, But Tactics Shift: Ransomware dropped 85% as attackers pivot from encryption to data theft, responding to improved backup and recovery solutions.
  • Network Exploits Stall, But Old Vulnerabilities Persist: While network attacks remained mostly flat, down 16% in unique exploit attempts, legacy flaws like ProxyLogon and HAProxy continue to be exploited, revealing a persistent patch gap in many organizations.
  • Changing Delivery Tactics: For the first time in years, script-based delivery methods declined, while malware delivered via browsers and piracy tools surged ‒ marking a return to "drive-by downloads" and alternative vectors.

These insights paint a clear picture: evasive, AI-driven threats are reshaping the cybersecurity battlefield. Organizations must adapt with layered, intelligent, and proactive defenses to stay ahead.

Want to dive deeper into the trends and tactics shaping today’s threat landscape? Download the full Q1 2025 Internet Security Report for expert analysis and actionable strategies.