171% Surge in Unique Malware Detections: Report
WatchGuard Technologies has released findings from its Q1 2025 Internet Security Report showing a 171% quarter-over-quarter increase in total unique malware detections, marking the highest level the company's Threat Lab has recorded.
The company's research revealed a 323% surge in proactive machine-learning detections by its IntelligentAV engine, while Gateway AntiVirus hits increased by 30%. The share of malware delivered over Transport Layer Security (TLS) connections rose by 11 percentage points, pointing to encrypted channels as a primary delivery vector.
Endpoint threats saw dramatic changes, with new malware threats increasing 712% after three consecutive quarters of decline. The top endpoint threat identified was an LSASS dumper, a credential stealer that reads the memory of the Local Security Authority Subsystem Service (lsass.exe) process to harvest Windows credentials; the report notes that it invokes the kernel directly rather than going through the user-mode Windows APIs that endpoint defenses commonly hook.
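The detection a defender would want for the LSASS dumper described above is a check on who opens a handle to lsass.exe with memory-read rights. The following is an added example, not WatchGuard's detection logic or code from the report: it runs over Sysmon Event ID 10 (ProcessAccess) records, whose SourceImage, TargetImage, GrantedAccess and CallTrace fields are real Sysmon fields. The sample events are constructed, the allowlist of legitimate sources is an assumption that a real deployment would tune, and treating `UNKNOWN` call-stack frames as a sign of direct syscalls is a heuristic, not something the report states.

```python
"""Flag suspicious handle opens on lsass.exe in Sysmon Event ID 10 records.

Added example for this page, not WatchGuard's detection logic. The Sysmon field
names are real; the sample events and the source allowlist are constructed.
"""
import json

# Windows process access rights relevant to credential dumping (winnt.h values).
PROCESS_VM_READ = 0x0010
PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
PROCESS_ALL_ACCESS = 0x1FFFFF

# Reading LSASS memory requires PROCESS_VM_READ; every dumper must request it.
DUMP_RIGHTS = PROCESS_VM_READ

# Assumed baseline of sources that legitimately read LSASS memory. This is a
# hypothetical allowlist; tune it per environment and keep it narrow.
ALLOWED_SOURCES = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\svchost.exe",
}

def is_lsass(path):
    """True if the image path's file name is lsass.exe (case-insensitive)."""
    return path.lower().rsplit("\\", 1)[-1] == "lsass.exe"

def analyze_event(ev):
    """Return a finding dict for a suspicious ProcessAccess event, or None."""
    if ev.get("EventID") != 10 or not is_lsass(ev.get("TargetImage", "")):
        return None
    mask = int(ev.get("GrantedAccess", "0x0"), 16)
    if not mask & DUMP_RIGHTS:
        return None  # no memory-read right requested; cannot be a memory dump
    src = ev.get("SourceImage", "").lower()
    if src in ALLOWED_SOURCES:
        return None
    reasons = [f"read access 0x{mask:x} to LSASS from non-allowlisted {src}"]
    if mask == PROCESS_ALL_ACCESS:
        reasons.append("PROCESS_ALL_ACCESS requested")
    # Sysmon writes UNKNOWN for stack frames not backed by a loaded module.
    # Unbacked frames are a common trace of direct syscall stubs or injected
    # code; treating them as a direct-syscall indicator is a heuristic assumption.
    if "UNKNOWN" in ev.get("CallTrace", ""):
        reasons.append("call stack has unbacked frames (possible direct syscalls)")
    return {"source": src, "access": mask, "reasons": reasons}

def scan(lines):
    """Parse JSON-per-line events and return the list of findings."""
    findings = []
    for line in lines:
        finding = analyze_event(json.loads(line))
        if finding:
            findings.append(finding)
    return findings

# Constructed sample events, one JSON object per line as a SIEM might export them.
SAMPLE_EVENTS = [
    json.dumps({"EventID": 10, "SourceImage": r"C:\Windows\System32\svchost.exe",
                "TargetImage": r"C:\Windows\System32\lsass.exe",
                "GrantedAccess": "0x1000",
                "CallTrace": r"C:\Windows\SYSTEM32\ntdll.dll+9d4e4|C:\Windows\System32\KERNELBASE.dll+2a8ae"}),
    json.dumps({"EventID": 10, "SourceImage": r"C:\Users\alice\Downloads\update.exe",
                "TargetImage": r"C:\Windows\System32\lsass.exe",
                "GrantedAccess": "0x1010",
                "CallTrace": r"UNKNOWN(00007ff6a2c41d2a)|UNKNOWN(00007ff6a2c40f1c)"}),
    json.dumps({"EventID": 10, "SourceImage": r"C:\Windows\System32\taskmgr.exe",
                "TargetImage": r"C:\Windows\System32\lsass.exe",
                "GrantedAccess": "0x1fffff",
                "CallTrace": r"C:\Windows\SYSTEM32\ntdll.dll+9d4e4|C:\Windows\System32\taskmgr.exe+3b1c0"}),
    json.dumps({"EventID": 10, "SourceImage": r"C:\Windows\System32\svchost.exe",
                "TargetImage": r"C:\Windows\System32\lsass.exe",
                "GrantedAccess": "0x1010",
                "CallTrace": r"C:\Windows\SYSTEM32\ntdll.dll+9d4e4"}),
    json.dumps({"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe"}),
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[ALERT] {f['source']}: " + "; ".join(f["reasons"]))
```

Of the five constructed events, only the download-folder binary with 0x1010 (QUERY_LIMITED_INFORMATION | VM_READ) and the Task Manager open with PROCESS_ALL_ACCESS are reported; the svchost.exe opens are dropped by the allowlist or lack VM_READ. Keying on the VM_READ bit rather than on a fixed list of masks matters because dumpers vary the rights they request, and the UNKNOWN-frame check is what surfaces the direct-syscall behaviour the report attributes to this malware.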
Despite the overall malware surge, ransomware declined 85% from the previous quarter. However, Termite ransomware ranked as the second most detected malware threat. The report indicates attackers are shifting toward data theft rather than encryption due to improvements in data backup and recovery systems.
Script-based attacks dropped to their lowest recorded levels, declining by approximately 50%. Other "living off the land" techniques, which abuse tools already built into Windows rather than dropping new binaries, increased 18% quarter-over-quarter.
The most widespread malware identified was Application.Cashback.B.0835E4A4, with the highest detection rates in Chile (76%) and Ireland (65%). Over encrypted connections, Trojan.Agent.FZPI emerged as the top threat, described as a malicious HTML file that bundles legitimate-looking attachments with encrypted communication to the attacker.
Network attack patterns showed a 16% decrease in unique signatures triggered, suggesting attackers focused on a narrower set of exploits while continuing to target unpatched legacy vulnerabilities.
The research indicates malware is increasingly arriving via email rather than through web-based delivery. According to Chief Security Officer Corey Nachreiner, attackers are leveraging AI tools to improve social engineering and phishing campaigns, enabling highly targeted attacks at scale.
The report analyzed anonymized, aggregated threat intelligence from active WatchGuard network and endpoint products whose owners opted to share data for research purposes.