Key Takeaways from the Latest ISR: More Malware, and Harder to Detect

Malware hasn’t just increased—it’s become harder to detect. Evasive techniques are reshaping the threat landscape and pushing traditional security models to their limits. Today’s advanced malware campaigns are consistently slipping past multiple layers of defense—from email and network to endpoints—challenging even the most robust infrastructures.
According to WatchGuard’s Internet Security Report for Q4 2024, network-based malware detections rose by 94% compared to the previous quarter. Even more concerning is the 315% surge in evasive malware—malicious code capable of hiding its presence, using encrypted channels, and bypassing conventional antivirus engines without raising any red flags.
Evasive Malware: Stealthy, Persistent, and Highly Effective
Evasive malware is quickly becoming cybercriminals’ tactic of choice. Because it can remain undetected, it stays active longer and causes greater damage with reduced exposure.
One standout method is the use of Living-off-the-Land (LotL) techniques, which abuse legitimate system tools to carry out malicious actions. In Q4 2024, 83% of endpoint attacks employed LotL tactics, with 97% of those leveraging PowerShell, the scripting shell commonly used for task automation on Windows and other platforms. By turning trusted admin tools into attack vectors, adversaries can slip past defenses designed to spot external threats.
For organizations, the message is clear: if PowerShell isn’t monitored and script permissions aren’t tightly controlled, attackers can move freely within the environment. Since these tools are legitimate and typically pre-installed, they rarely trigger alerts in traditional security solutions—making them ideal for stealth operations without deploying additional malware.
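The monitoring and script-permission controls the paragraph above calls for, as an added example that is not from the report or from WatchGuard: it enables script block and module logging through the registry values Group Policy sets, reports the execution policy and language mode, and scans the last 24 hours of script block events (Event ID 4104) for a constructed indicator list, which is an assumption to be tuned per environment.

```powershell
# Added example (not from the WatchGuard report): turn on PowerShell script block
# and module logging, then review recent script blocks for LotL indicators.
# Run from an elevated PowerShell session on Windows.

# --- 1. Enable logging via the same registry values Group Policy sets ---
$sbl = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
$mod = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ModuleLogging'
New-Item -Path $sbl -Force | Out-Null
Set-ItemProperty -Path $sbl -Name EnableScriptBlockLogging -Value 1 -Type DWord
New-Item -Path "$mod\ModuleNames" -Force | Out-Null
Set-ItemProperty -Path $mod -Name EnableModuleLogging -Value 1 -Type DWord
# A value named "*" with data "*" means "log every module"
New-ItemProperty -Path "$mod\ModuleNames" -Name '*' -Value '*' -PropertyType String -Force | Out-Null

# --- 2. Check how tightly script execution is controlled on this host ---
Get-ExecutionPolicy -List | Format-Table -AutoSize
# ConstrainedLanguage is the hardened state; FullLanguage means scripts can do anything
"LanguageMode: $($ExecutionContext.SessionState.LanguageMode)"

# --- 3. Review logged script blocks (event 4104) for common LotL indicators ---
# Constructed starting list (assumption); tune it to what is normal in your environment.
$indicators = @('-EncodedCommand', 'FromBase64String', 'DownloadString',
                'Invoke-Expression', 'Net.WebClient', '-ExecutionPolicy Bypass')

$filter = @{ LogName   = 'Microsoft-Windows-PowerShell/Operational'
             Id        = 4104
             StartTime = (Get-Date).AddHours(-24) }

Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
  ForEach-Object {
    $text = $_.Properties[2].Value          # property index 2 is ScriptBlockText
    $hits = $indicators | Where-Object { $text -match [regex]::Escape($_) }
    if ($hits) {
      [pscustomobject]@{
        Time       = $_.TimeCreated
        Indicators = ($hits -join ', ')
        Snippet    = $text.Substring(0, [Math]::Min(120, $text.Length))
      }
    }
  } | Format-Table -AutoSize -Wrap
```

Once logging is active, this script's own script block will appear in the output because it contains the indicator strings, which is a quick way to confirm that 4104 events are being written. Forward the Microsoft-Windows-PowerShell/Operational log to your SIEM or XDR platform so the review is continuous rather than a one-off query.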
From Prevention to Early Detection
Another key takeaway from the report: more than half of all malware detected was zero-day. In this reality, static defenses like rule-based firewalls are no longer sufficient.
That’s where proactive antimalware technologies come in—solutions that use machine learning or dynamic sandboxing to detect evasive threats by observing how files or programs behave in real time within isolated environments. These methods identify suspicious behavior even when the code is new, obfuscated, or previously unknown.
For many organizations—especially Managed Service Providers (MSPs)—this shift requires a new mindset: it’s no longer about blocking every threat, but about detecting and responding before an intrusion turns into a full-blown breach.
What Can Organizations Do?
To counter today’s stealthier threats, businesses need to adopt a modern security strategy built on three pillars:
1. Patch and Update Management
Cybersecurity can’t be static—especially in the face of evasive malware. Automated patch management and continuous vulnerability auditing must be embedded into infrastructure lifecycles. This ensures defenses remain effective over time and proactively adapt to emerging threats without requiring constant manual intervention.
2. Comprehensive Visibility
You can’t protect what you can’t see. It’s essential to monitor encrypted traffic, PowerShell activity, endpoint behavior, and suspicious network events. Without full visibility, organizations are effectively flying blind in today’s complex threat landscape.
3. Layered and Integrated Defense
Security isn’t about having a lot of disconnected tools—it’s about integration. Solutions should share telemetry and respond in a coordinated way. An XDR (Extended Detection and Response) approach enables organizations to correlate data across network, endpoint, and identity sources, improving detection capabilities and automating responses to reduce complexity and speed up resolution.
For MSPs, this shift is also an opportunity to deliver more advanced, tailored services that meet today’s defensive needs with a focused, intelligent approach.
Final Thoughts
With evasive malware on the rise, organizations must evolve. Adopting a proactive security posture focused on early detection, deep analysis, and controlled incident response is no longer optional—it’s essential. It’s the difference between being resilient and being exposed.
Access the full Internet Security Report Q4 2024 for all findings and recommendations.