Malware Increasingly Using Encryption as Cover

Organisations face a rising threat from advanced malware hiding in encrypted traffic, according to WatchGuard's latest Internet Security Report. Security experts warn that attackers are increasingly using Transport Layer Security (TLS) to conceal malicious payloads from traditional defences, which cannot inspect encrypted sessions.

WatchGuard Technologies reports a 40% quarter-over-quarter increase in evasive malware using encrypted connections in Q2 2025. The cybersecurity company's latest threat intelligence reveals that 70% of all malware now arrives via encrypted channels.

"Attackers work hard to bypass detection and maximise impact," said Corey Nachreiner, chief security officer at WatchGuard Technologies. "For resource-constrained MSPs and lean IT teams, this shift means the real challenge is adapting quickly with powerful measures."

The report shows overall malware detections increased 15%, driven by an 85% rise in Gateway AntiVirus detections. Zero-day threats represented 76% of all malware and nearly 90% of encrypted malware, highlighting the diminishing effectiveness of signature-based detection.

Network attacks rose 8.3%, though fewer unique signatures were triggered than in previous quarters. A brand-new JavaScript obfuscation detection also emerged, showing how quickly new threats can spread by using evasion techniques to bypass legacy security controls.

In a surprising development, researchers identified two USB-based malware threats likely targeting cryptocurrency users. The malware deployed XMRig, a coin miner for Monero cryptocurrency, potentially connected to hardware wallet usage.

While ransomware incidents declined 47%, the decline suggests a shift toward more targeted attacks against high-profile victims. The report noted an increase in active extortion groups, with Akira and Qilin among the most aggressive.

Multi-stage infection chains dominated the threat landscape, with seven of the top ten malware detections classified as first-stage payloads, or "droppers". The infamous Mirai botnet also resurfaced after five years, primarily affecting the APAC region.

WatchGuard's Threat Lab recommends consistent patching, proven defences, and advanced detection and response technologies as the most effective countermeasures against these evolving threats.

The full Q2 2025 Internet Security Report is available for download at WatchGuard's website.