Over 1500% Increase in New, Unique Malware Highlights Growing Security Complexity, According to WatchGuard Biannual Threat Report

MSPs must shift from reactive security to proactive threat intelligence and unified protection

SEATTLE, Feb. 19, 2026 (GLOBE NEWSWIRE) -- WatchGuard® Technologies, a global leader in unified cybersecurity for managed service providers (MSPs), today released the findings of its latest Internet Security Report, revealing a sharp acceleration in evasive and encrypted threats that demand a more proactive and unified security approach from MSPs.

Based on anonymized, aggregated threat intelligence from WatchGuard’s network security, endpoint, and DNS filtering products, the biannual report shows that attackers are increasing both the volume and sophistication of malware, exposing the limitations of reactive, signature-based defenses still common across customer environments.

In 2025, new malware increased every quarter, culminating in a 1,548% spike from Q3 to Q4 alone. At the same time, 23% of detected malware evaded traditional signature-based detection, effectively qualifying as zero-day threats and reinforcing the need for behavioral, AI-driven protection.

Key Findings Highlight Gaps in Traditional Security Models

The report reveals several trends with direct implications for MSPs:

• Evasive malware is surging: With over 15 times more never-before-seen malware on the endpoint, threat actors are prioritizing new and obfuscated exploits designed to bypass static detection methods.
• Encrypted delivery is now the norm: 96% of blocked malware was delivered over TLS, creating major visibility gaps for organizations that do not perform HTTPS inspection.
• Endpoint techniques are evolving: Malicious scripts have been slowly dropping over the past year, as Windows binaries and living-off-the-land (LotL) tools have become the primary infection vectors, leveraging trusted processes to avoid detection.
• Network threats remain persistent: While network-based exploits declined in H2 2025, the majority of detections continue to target long-standing vulnerabilities, particularly in modern web applications, reinforcing the need for layered network defenses such as intrusion prevention systems (IPS).

Attackers Refine Delivery and Monetization

The research also shows attackers improving how they deliver and profit from malware. During the second half of 2025, WatchGuard observed phishing campaigns that used malicious PowerShell scripts to stage Malware-as-a-Service tools, including remote access trojans, while deliberately evading automated file analysis.

Although overall ransomware activity declined 68.42% year over year, public extortion payments reached record levels, indicating a shift toward fewer, higher-value attacks. Cryptomining activity remains a popular, low-friction monetization method for attackers once access is established.

What This Means for MSPs

“Today’s threat landscape has outgrown point solutions and reactive security models,” said Corey Nachreiner, chief security officer at WatchGuard Technologies. “For MSPs, the business risk is especially high. Client breaches increase support costs, damage trust, and create a clear competitive disadvantage. The MSPs that will succeed in 2026 and beyond are those that can clearly demonstrate proactive threat intelligence and unified protection across their customers’ environments.”

The findings reinforce the need for modern defense strategies that combine advanced endpoint protection, detection, and response (EPDR), AI-driven threat detection, and continuous monitoring. As attacks become more persistent and complex, MSPs are increasingly positioned to differentiate by delivering 24/7 managed detection and response services that reduce risk while creating long-term customer value.

For a more in-depth view of WatchGuard’s research, download the complete 2H 2025 Internet Security Report.

###

About WatchGuard Technologies, Inc.

WatchGuard Technologies is a global leader in unified cybersecurity, purpose‑built for managed service providers (MSPs). For more than 30 years, WatchGuard has defined how MSPs deliver security at scale, continuously innovating to stay ahead of every major shift in the threat landscape.

WatchGuard’s AI‑powered Unified Security Platform® delivers Zero Trust‑aligned network, endpoint, and identity protection in a single, integrated platform, enabling MSPs to reduce operational complexity, improve security outcomes, and grow their businesses more efficiently.

Trusted by more than 25,000 MSPs protecting over 1.5 million customers worldwide, WatchGuard enables partners to deliver strong, measurable security outcomes for customers across the globe.

Learn more at WatchGuard.com, follow WatchGuard on LinkedIn, or visit the WatchGuard CyberSecurity Hub for real-time threat insights. 

WatchGuard is a registered trademark of WatchGuard Technologies, Inc. All other marks are the property of their respective owners.  

CONTACT: Leah Kleinberg
Marketbridge PR for WatchGuard Technologies, Inc 
Watchguard@marketbridge.com