Microsoft Releases Its 2025 Digital Defense Report

Microsoft has released its 2025 Digital Defense Report, painting a sobering picture of the evolving global cyberthreat landscape and warning that Africa has become a testing ground for some of the world’s most advanced digital attacks.

Drawing from over 100 trillion daily security signals, the report reveals that cybercriminals are expanding their reach, with a growing focus on North Africa and other emerging digital economies across the continent. It also highlights how nation-state actors are adopting artificial intelligence to refine their methods, exploit trusted platforms, and target high-value industries with greater precision.

“Africa isn’t just a target; it has become a proving ground for the latest cyber threats,” said Kerissa Varma, Microsoft’s Chief Security Advisor for Africa. “We’re witnessing attackers harness AI to craft phishing messages tailored to local languages and cultural contexts, impersonate trusted individuals, and exploit the very platforms we depend on.”

According to Microsoft, data theft was the goal in nearly 80 percent of all cyber incidents its teams investigated last year with attacks largely driven by financial motives rather than espionage. Supporting findings from the World Economic Forum’s Cybercrime Impact Atlas Report 2025 show that although arrests have increased across 19 African countries, the cost of cybercrime continues to skyrocket.

The report notes a jump in total cybercrime value from $192 million to $484 million, while the number of victims rose from 35,000 to 87,000 in the past year.

Among the growing range of attacks, Business Email Compromise (BEC) has emerged as the most financially damaging threat. While BEC represented only 2 percent of observed cyber activity, it accounted for 21 percent of successful attacks, surpassing ransomware (16 percent).

These schemes typically begin with phishing or password spraying, before escalating to more sophisticated techniques such as multi-factor authentication tampering, inbox rule manipulation, and email thread hijacking.

South Africa, according to the report, has become a global hotspot for BEC infrastructure setup and money mule recruitment. One example is Storm-2126, a Nigerian-origin threat actor operating out of South Africa since 2017, which has targeted U.S.-based real estate and law firms.

The report also highlights a dramatic shift toward multi-stage, AI-enhanced attack chains that blend technical exploits, social engineering, and infrastructure abuse.

AI-powered phishing campaigns are now achieving a 54 percent click-through rate — over four times higher than traditional phishing — and can boost attacker profitability by up to 50 times.

Microsoft also reports a 195 percent global increase in AI-generated identities, used to bypass verification systems and launch attacks from disposable accounts.

“This is a pivotal moment for African business leaders,” Varma said. “Relying on trust alone is no longer enough — familiar platforms and tools can be turned against us. Early warning signs like credential theft should be treated as indicators of potentially larger breaches.”

Microsoft is responding to these emerging risks through its Secure Future Initiative (SFI) — the company’s largest cybersecurity engineering project to date. The initiative is focused on evolving how Microsoft designs, builds, and operates its products to embed security at every layer.

“By investing in comprehensive cybersecurity strategies and leveraging AI-powered defenses, Africa can position itself as a crucial front line against emerging threats and help build stronger, more resilient digital ecosystems,” Varma believes this shift can help African organisations strengthen their resilience.