KUALA LUMPUR, 17 October — Financially motivated cyberattacks now dominate the global threat landscape, with extortion and ransomware accounting for more than half of all incidents, according to Microsoft’s latest Digital Defense Report 2025.
The report, authored by Amy Hogan-Burney, Corporate Vice President for Customer Security & Trust, and Igor Tsyganskiy, Chief Information Security Officer, reveals that 52% of cyberattacks with known motives were financially driven, compared to just 4% linked to espionage.
“Nation-state threats remain a serious and persistent concern,” Hogan-Burney said, “but most of the immediate risks faced by organisations today stem from opportunistic criminals seeking profit rather than intelligence.”
Every day, Microsoft’s security systems process more than 100 trillion signals, block 4.5 million new malware attempts, and screen five billion emails for phishing and other threats.
According to Hogan-Burney, this surge in cyber activity reflects how automation and AI tools have empowered attackers, even those with limited technical expertise, to expand operations rapidly and scale their criminal networks.
“The use of AI is accelerating malware development and making phishing campaigns and ransomware more sophisticated,” she noted. “Cybercrime has become a universal, ever-present threat that affects individuals, enterprises, and critical infrastructure alike.”
Malicious actors are increasingly targeting critical public services, such as hospitals, schools, and local governments.
“In the past year, we’ve seen attacks delaying emergency medical care, disrupting transportation systems, and even cancelling school classes,” Hogan-Burney said. “Ransomware actors focus on these sectors because their victims have limited options — when lives or essential services are at stake, the pressure to pay is immense.”
Cybercriminals also resell data stolen from government and research institutions on the dark web, fuelling downstream criminal activity.
Hogan-Burney emphasised that strengthening cybersecurity for essential public services requires collaboration between government and industry, noting that such partnerships are key to maintaining public trust and continuity of care.

While financially driven attacks dominate, nation-state actors are also broadening their operations. The report observed increasing cyber activity from China, Iran, Russia, and North Korea, each pursuing distinct strategic objectives.
China continues to expand espionage across industries and NGOs, using covert networks and exploiting newly disclosed vulnerabilities at record speed.
Iran has widened its reach from the Middle East to North America, targeting shipping and logistics firms to gain long-term access to sensitive commercial data. Russia, though still focused on Ukraine, is increasingly targeting small businesses in NATO countries as entry points to larger organisations.
North Korea remains focused on revenue generation, with state-affiliated IT workers infiltrating global companies to channel income back to Pyongyang, sometimes resorting to extortion when exposed.
“The line between cybercrime and statecraft is blurring,” Hogan-Burney observed. “Some nation-state actors now leverage the cybercriminal ecosystem itself, making attribution and accountability far more complex.”
The year 2025 marked a significant escalation in the use of artificial intelligence by both attackers and defenders. Threat actors employ AI to automate phishing, develop adaptive malware, and create synthetic media for manipulation campaigns, while defenders use AI to detect and neutralise threats faster than ever.
“AI is transforming cybersecurity on both sides,” Hogan-Burney said. “To stay ahead, organisations must secure their AI tools, train their teams, and adopt a proactive defence strategy that evolves as fast as the attackers.”
One of the most alarming findings is that 97% of identity-based attacks involve passwords. In the first half of 2025 alone, such attacks rose by 32%, largely due to stolen credentials sold on cybercrime forums.
“The solution is straightforward,” Hogan-Burney stressed. “Phishing-resistant multifactor authentication can stop more than 99% of these attacks — even if the attacker already has the correct username and password.”
Microsoft’s Digital Crimes Unit recently disrupted Lumma Stealer, one of the most popular information-stealing malware families, in collaboration with the US Department of Justice and Europol.
Hogan-Burney concluded by underscoring that cybersecurity is not merely a technical issue but a governance imperative requiring global coordination.
“As digital transformation accelerates, amplified by the rise of AI, cyber threats pose risks not only to data but to economic stability, governance, and public safety,” she said. “Addressing these challenges demands both technical innovation and collective action — from governments, industry, and individuals alike.”








