
Malware complexity soars 127% as older defences miss threats
Malware complexity has increased sharply in the past year, with legacy security systems failing to detect a significant number of threats, according to research released by OPSWAT.
The company's first Threat Landscape Report, drawing on data from over 890,000 sandbox scans conducted in the past 12 months, highlights substantial challenges for organisations relying on traditional, signature-based cyber defences. The report found a 127% increase in the complexity of malware and revealed that one in every fourteen files previously considered 'safe' by older systems was in fact malicious.
Malware on the rise
Central to the report's findings is a dramatic escalation in malware complexity, with attackers increasingly using multi-stage, evasive techniques. OPSWAT noted that its sandbox technology exposed a 127% spike in what it calls 'multi-stage malware complexity' over the past year. The report points to layered threats employing tactics such as obfuscated loaders like NetReactor, which are specifically designed to circumvent static analysis and signature-based detection methods.
The data suggests attackers now favour approaches intended to confuse rather than simply overwhelm legacy defences. According to the report, "modern malware intends to confuse, not flood, which is why OPSWAT's pipeline is purpose-built to unpack that complexity."
Early and proactive detection
Another significant finding from the report is the effectiveness of adaptive, behavioural analysis techniques over static and reputation-based methods. OPSWAT's analysis determined that 7.3% of files missed by open-source intelligence feeds were in fact malicious, generally identified 24 hours before they became known on public data sources. These cases were confirmed executions, not hypothetical threats.
Behaviour-led analysis of this kind, the company suggests, helps close the gaps left by more traditional systems, which may lag in reclassifying emerging threats. The results underscore the importance of context-led detection and rapid response for organisations handling sensitive or critical infrastructure.
Context and campaign-level insights
With data from hundreds of thousands of scans, OPSWAT's analysis goes beyond isolated incidents to correlate threats at a campaign level. The system identifies repeat techniques, tactics, and procedures (TTPs), reused command-and-control (C2) infrastructure, and shared behavioural patterns across malicious campaigns. By doing so, the platform can offer defenders actionable, context-rich intelligence rather than overwhelming them with excessive indicators that may be of limited value.
According to the report, this enables a more effective response strategy and allows defenders to anticipate evolving adversarial behaviour, instead of playing catch-up with each new individual threat.
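The campaign-level correlation described above (grouping sandbox verdicts that reuse C2 infrastructure or share behavioural TTPs, then distilling each group to the few indicators worth acting on) can be sketched in a few dozen lines. The following Python is an added illustration written for this article; it is not OPSWAT or Filescan.io code, and the sample reports, the reserved `.example` hostnames and the TTP tag names are all constructed for the example.

```python
"""Campaign-level correlation of sandbox verdicts.

Added illustration, not OPSWAT/Filescan.io code. Two verdicts are linked into the
same campaign when they share a C2 indicator or at least `min_shared_ttps`
behavioural tags; links are transitive (union-find), so a loader seen with one
C2 host and a sibling seen with another still land in one campaign if a third
sample bridges them.
"""
from collections import Counter
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class SandboxReport:
    sample_id: str      # constructed label, not a real file hash
    c2: frozenset       # C2 indicators observed during detonation (constructed)
    ttps: frozenset     # behavioural tags assigned by the sandbox (hypothetical names)


# Constructed sample data: five verdicts from a hypothetical day of scanning.
REPORTS = [
    SandboxReport("s1", frozenset({"update-check.example"}),
                  frozenset({"obfuscated_dotnet_loader", "clipboard_hijack", "c2_over_cloud_service"})),
    SandboxReport("s2", frozenset({"update-check.example"}),
                  frozenset({"obfuscated_dotnet_loader", "steganography_payload"})),
    SandboxReport("s3", frozenset({"cdn-assets.example"}),
                  frozenset({"obfuscated_dotnet_loader", "clipboard_hijack", "keylogger_drop"})),
    SandboxReport("s4", frozenset({"metrics.example"}), frozenset({"macro_dropper"})),
    SandboxReport("s5", frozenset({"metrics.example"}), frozenset({"powershell_stager"})),
]


def _find(parent, x):
    """Union-find root lookup with path halving."""
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x


def correlate_campaigns(reports, min_shared_ttps=2):
    """Return campaigns as sorted lists of sample_ids (list order is deterministic)."""
    parent = {r.sample_id: r.sample_id for r in reports}
    for a, b in combinations(reports, 2):
        shares_c2 = bool(a.c2 & b.c2)
        shares_behaviour = len(a.ttps & b.ttps) >= min_shared_ttps
        if shares_c2 or shares_behaviour:
            parent[_find(parent, a.sample_id)] = _find(parent, b.sample_id)
    groups = {}
    for r in reports:
        groups.setdefault(_find(parent, r.sample_id), []).append(r.sample_id)
    return sorted((sorted(m) for m in groups.values()), key=lambda m: m[0])


def summarise_campaign(reports, members):
    """Reduce a campaign to the indicators shared across members.

    `shared_c2` keeps only infrastructure reused by two or more samples and
    `common_ttps` the behaviour every member exhibits, so an analyst gets a
    short, high-confidence list instead of every indicator from every sample.
    """
    by_id = {r.sample_id: r for r in reports}
    group = [by_id[m] for m in members]
    c2_counts = Counter(ind for r in group for ind in r.c2)
    shared_c2 = sorted(i for i, n in c2_counts.items() if n >= 2)
    common_ttps = sorted(frozenset.intersection(*(r.ttps for r in group)))
    raw_indicators = sum(len(r.c2) + len(r.ttps) for r in group)
    return {
        "members": list(members),
        "shared_c2": shared_c2,
        "common_ttps": common_ttps,
        "raw_indicators": raw_indicators,
        "prioritised_indicators": len(shared_c2) + len(common_ttps),
    }


if __name__ == "__main__":
    for campaign in correlate_campaigns(REPORTS):
        print(summarise_campaign(REPORTS, campaign))
```

With the constructed data, s1 and s2 are linked by the reused C2 host, s1 and s3 by two shared behaviours, so all three form one campaign even though s2 and s3 share only a single tag; s4 and s5 form a second campaign purely on reused infrastructure. Raising `min_shared_ttps` to 3 splits s3 off, which is the knob a defender would tune against false linkage in a real pipeline.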
Detection accuracy and new techniques
OPSWAT reports a detection accuracy of 99.97% through its behavioural and machine learning pipeline, which has been enhanced with a newly developed PE emulator. This system successfully identified sophisticated attack methods, including clipboard hijacking via ClickFix, steganography-wrapped loaders, C2 channels embedded in Google services, and .NET Bitmap malware loaders delivering Snake Keylogger payloads.
"Our strength lies in precision, behavioral depth, and early visibility into emerging attacks," said Jan Miller, Chief Technology Officer of Threat Analysis at OPSWAT. "That's what sets OPSWAT apart in delivering high-fidelity, context-aware threat intelligence."
Shifting threat landscape
The report warns that organisations responsible for critical infrastructure, government systems, and enterprise operations are facing greater targeting by increasingly modular and evasive malware campaigns. It highlights the risks of continued reliance on outdated defences, and stresses the need for integrated, multi-layered security measures as adversaries adapt their techniques.
The report emphasises the necessity for cybersecurity leaders to prioritise adaptability, shared intelligence, frequent technology reassessment, and fast behavioural detection pipelines, not only to protect against known threats but also to address a rapidly changing threat environment.
Filescan.io, which forms part of the OPSWAT MetaDefender Platform, is powering much of the company's advanced threat detection and file analysis across sensitive and critical digital environments, according to the report.