Growing complexity means legacy security systems miss one in every 14 threats


Traditional detection methods are being outpaced, with a 127 percent rise in malware complexity and one in 14 files initially deemed ‘safe’ by legacy systems proving to be malicious.
A new report from OPSWAT uncovers layered threats designed to evade analysis, including obfuscated loaders such as NetReactor and evasive behaviors missed by traditional tools. These results show that modern malware intends to confuse rather than flood defenses.
As critical infrastructure, government systems, and enterprise networks are increasingly targeted by ever more modular and evasive malware, the findings of this report spotlight the evolving adversary playbook and the need for integrated, multilayered solutions.
Adversaries are favoring stealth over scale, hiding payloads in formats like .NET bitmaps and steganographic images and repurposing Google services for covert C2. Social engineering is adapting too -- tactics such as ‘ClickFix’ (clipboard hijacking) are spreading across criminal and nation-state campaigns.
The report notes that cybercrime doesn’t innovate on core malware logic but innovates heavily on distribution and evasion. The protective wrappers can often be more advanced than the payload itself.
Based on analysis of sandbox data, OPSWAT reclassified as malicious 7.3 percent of files that were silent across open-source intelligence (OSINT) feeds, on average 24 hours earlier than public data sources. These were confirmed executions, not speculative flags, highlighting how adaptive analysis can help close dangerous gaps left by static and reputation-based systems.
“Our strength lies in precision, behavioral depth, and early visibility into emerging attacks,” says Jan Miller, chief technology officer of threat analysis at OPSWAT. “That’s what sets OPSWAT apart in delivering high-fidelity, context-aware threat intelligence.”
You can get the full report from the OPSWAT site.