WatchGuard released its Q1 2025 Internet Security Report, noting a 171 percent quarter-over-quarter increase in unique malware detections, the highest ever recorded, in addition to a “significant” increase in zero-day malware.
Notably, proactive ML detections by IntelligentAV (IAV) surged 323 percent, gateway antivirus (GAV) hits increased 30 percent and TLS malware increased by 11 points. The surge in IAV detections and the rise in TLS malware underline attackers’ reliance on obfuscation and encryption, and with it the need for enhanced visibility and adaptive security to combat sophisticated, concealed threats.
WatchGuard also observed a 712 percent increase in new malware threats on endpoints, following a consistent decline over the past three quarters.
“The latest findings in the Q1 2025 Internet Security Report seem to support a larger cybersecurity industry trend: the AI war is here. Attackers are increasingly relying on social engineering and phishing techniques supercharged by AI tools,” said WatchGuard Technologies’ chief security officer, Corey Nachreiner. “Attackers now have the capabilities to launch highly targeted campaigns at scale using automated pipelines, emphasizing the need for organizations to adopt robust, precise and powerful security measures to stay ahead of the advancements in AI and the evolving cyber risks.”
Additional findings include:
- Ransomware declined 85 percent from the previous quarter, as attackers shift toward data theft rather than encryption.
- Scripts, meaning files derived from or using a scripting programming language, are down by about 50 percent this quarter, the lowest they’ve ever been.
- Unique network signatures triggered, or known attacks detected on networks, decreased by 16 percent from last quarter.
- Malware threats are continuing to emerge via email rather than the web, although AI- and ML-based tools are detecting more threats at the network and endpoint perimeter in Q1.
The data analyzed is anonymized, aggregated threat intelligence from active WatchGuard network and endpoint products whose owners opted to share it in direct support of WatchGuard’s research efforts.