Australian businesses are now facing significantly more network-based attacks than traditional malware, according to WatchGuard Technologies’ Q4 2025 Threat Landscape Report, highlighting a marked shift in the country’s cyber threat profile.
Between October and December 2025, WatchGuard blocked 96,049 network attacks targeting Australian organisations, compared with 8,510 malware attacks over the same period. This contrasts sharply with trends across the broader Asia Pacific region, where malware remains the dominant threat type.
The data positions Australia as a clear outlier within APAC and globally. While the region accounted for 31 per cent of global malware detections, it represented just 4 per cent of network attacks, reinforcing Australia’s disproportionate exposure to network-based threats and its divergence from wider regional and global patterns.
WatchGuard said the findings point to a broader shift in attacker behaviour, with cybercriminals increasingly focused on scanning and exploiting exposed systems rather than relying solely on malware-based infections. Persistent probing of internet-facing infrastructure such as websites and servers is becoming a primary tactic for gaining unauthorised access or manipulating data.
In Australia, the most commonly detected malware included Gen:Heur.Mint.Zard.24, Trojan.Linux.Mirai.1 and JS:Trojan.Cryxos.14431. The report also found that 92 per cent of all malware detections were known threats, with only 8 per cent classified as zero-day variants, suggesting attackers are achieving success through volume and persistence rather than novel techniques.
Australia’s elevated exposure to network attacks is likely linked to its high levels of digital connectivity and cloud adoption, which have significantly expanded the number of internet-facing systems available for attackers to continuously scan for weaknesses.
Anthony Daniel, managing director for Australia, New Zealand and the Pacific Islands at WatchGuard Technologies, said the Q4 data shows a clear shift in the threat landscape for Australian organisations. He said network-based attacks have overtaken malware by a significant margin and represent ongoing background pressure on business infrastructure, rather than isolated incidents.
Daniel said attackers are repeatedly testing business websites and servers for vulnerabilities, making continuous monitoring and strong defensive controls essential. While malware remains a risk, he said the prevalence of persistent network threats means organisations must prioritise robust network security and visibility to reduce exposure.
