Critical infrastructure cybersecurity firm OPSWAT has published its inaugural Threat Landscape Report, revealing key findings from over 890,000 sandbox scans conducted over the past 12 months.
The report highlights a 127% rise in malware complexity and warns that traditional detection methods are falling behind, with one in 14 files initially deemed ‘safe’ by legacy systems later confirmed to be malicious.
OPSWAT says the results underscore the need for multi-layered defences and a shift away from outdated tools.
According to the report, the surge in malware sophistication is being driven by multi-stage execution chains and heavy obfuscation. Filescan.io flagged as malicious 7.3% of files that public OSINT feeds had missed, doing so on average 24 hours earlier than those feeds.
Adversaries are increasingly favouring stealth over scale, concealing payloads in formats such as .NET bitmaps and steganographic images, and repurposing Google services for covert command-and-control activity. Social engineering tactics are also evolving, with methods such as “ClickFix” – a clipboard hijacking technique – becoming more prevalent.
Surge in Critical Infrastructure Attacks
Attacks on operational technology and critical infrastructure have continued to rise in 2025, with manufacturing, energy, and utilities sectors remaining prime targets.
Verizon’s 2025 Data Breach Investigations Report found that manufacturing suffered 1,607 confirmed breaches, a significant increase on previous years. External actors were responsible for 86% of these cases, with espionage motives present in nearly 20%.
Ransomware featured in 44% of all breaches across sectors and accounted for 75% of incidents within the System Intrusion pattern.
Vulnerability exploitation also increased sharply as an initial access vector, with attackers focusing on edge devices, firewalls, and VPN services.
The global cost of cyber-crime is projected to reach $1.2 trillion in 2025, with downtime and lost productivity representing up to $1 trillion of that total.
Regulatory scrutiny is growing in both the EU and North America, driving mandatory reporting and resilience measures for critical infrastructure. Verizon’s analysis also points to a doubling of breaches linked to third-party infrastructure, while credential abuse accounted for 22% of initial access vectors.
Phishing remains the most common delivery mechanism, appearing in 19% of all breaches. Pretexting and baiting are becoming more sophisticated, with the SlashNext 2024 Phishing Intelligence Report recording a 703% surge in credential phishing campaigns in late 2024 and a tripling in brand impersonation.
Nearly every mailbox was subject to weekly phishing attempts during the period studied. Many phishing campaigns are now followed by a second stage involving fileless malware, which executes code in memory via tools such as PowerShell, .NET reflection, or WMI, bypassing signature-based antivirus tools.
Record Vulnerability Disclosures
The 2025 CVE disclosure rate is on track to reach between 45,000 and 50,000, marking an 11% increase over the previous year. This growth is being driven by open-source dependencies, rapid development cycles, and legislative requirements, including the EU’s NIS2 directive and the Cyber Resilience Act.
The report also identifies consistent clusters of techniques used by attackers, including multi-layered and obfuscated script attacks, evasion-specialised tactics with geo-fencing, the abuse of trusted SaaS platforms for covert command-and-control, and the increasing commoditisation of cybercrime-as-a-service.
Telemetry from OPSWAT’s FileScan engine shows that packing, reconnaissance, scripting abuse, and .NET obfuscation remain dominant malware delivery techniques.
Despite an overall rise in detected malware, the number of mapped MITRE techniques has fallen, which OPSWAT suggests may reflect unconventional tactics that evade rule-based detection models.
As critical infrastructure, government systems, and enterprise networks are increasingly targeted by modular and evasive malware, the findings of this report spotlight the evolving adversary playbook and the need for integrated, multi-layered solutions.
Cybersecurity leaders must now prioritise adaptability, shared intelligence, reassessment of existing technology, and fast behavioural detection pipelines, not only to protect systems from known threats but also to keep pace with a rapidly evolving threat landscape and whatever is on the horizon.