The AI war is here, according to a US cyber firm. WatchGuard Technologies released its latest Internet Security Report, a quarterly analysis of the malware, network, and endpoint security threats observed by the WatchGuard Threat Lab researchers during the first quarter of 2025.
What they say
“Attackers are increasingly relying on social engineering and phishing techniques supercharged by AI tools,” said Corey Nachreiner, chief security officer at WatchGuard Technologies. “Attackers now have the capabilities to launch highly targeted campaigns at scale using automated pipelines, emphasising the need for organisations to adopt robust, precise, and powerful security measures to stay ahead of the advancements in AI and the evolving cyber risks.”
The firm suggests that malware threats are continuing to emerge via email rather than the web, indicating that threat actors are targeting users with traditional phishing techniques, as AI makes it easier to compose believable spear phishing messages. The firm points to an industry trend of a decrease in crypto ransomware, the malware that encrypts files. Attackers are now shifting toward data theft instead of encryption, due to improvements in data backups and recovery.
In the first quarter of the year, the most widespread malware was Application.Cashback.B.0835E4A4, a newly identified threat and among the most prevalent malware families ever recorded, with the highest impact in Chile at 76 per cent and Ireland second at 65 per cent. The firm’s researchers saw a significant increase in “zero day malware”; according to the study, this signals a sharp rise in evasive threats designed to bypass signature-based detection, that is, traditional security systems that rely on patterns to detect threats. Notably, proactive machine learning (ML) detection offered by IntelligentAV (IAV) surged.
The Threat Lab saw a big increase in new malware threats on endpoints; yet new malware threats have seen a consistent decline over the past three quarters. The top malware threat on the endpoint was LSASS dumper, a credential stealer targeting LSASS, the Windows service used for tasks such as logging onto systems, managing passwords, and creating access tokens. The top malware detected over encrypted connections was Trojan.Agent.FZPI, a new malicious HTML file that merges legitimate-looking files with encrypted communication. This threat combines several techniques that threat actors have employed over the last few years into one phishing attachment.
Visit WatchGuard.com.
Meanwhile, a cyber risk management company has released findings from its second annual MSP Survey, covering the security of Managed Service Providers (MSPs) and their customers. Emerging AI threats are given as the most significant threats facing MSP customers. Then come ‘traditional’ attack vectors, including ransomware or malware, insider threats, and unpatched vulnerabilities. CyberSmart said this marked a significant shift from 2024’s results, which found that malware/ransomware and inflation and spiralling costs were the biggest concerns.
“Across all industries, business leaders are beginning to wake up to the risk AI-fuelled threats pose to their organisations. This risk is particularly pertinent for MSP leaders, who are not only responsible for protecting their own organisation, but the data and assets of many others,” said Jamie Akhtar, CEO and co-founder of CyberSmart. “It is critical that MSPs take the threat posed by AI seriously, without neglecting the threat posed by more traditional attack vectors like malware and ransomware. MSPs must partner with trusted cybersecurity organisations to bolster and maintain complete cyber confidence.”
To read the report, visit: https://cybersmart.co.uk/wp-content/uploads/2025/06/CyberSmart-MSP-Survey-2025.pdf.





