KUALA LUMPUR – Financially motivated crimes now dominate the digital threat landscape, with extortion and ransomware driving more than half of all cyberattacks, according to Microsoft’s latest report.
In its annual Digital Defense Report, the tech giant revealed a shift in the primary goal of cybercriminals – no longer focused on espionage, but driven by profit.
Between July 2024 and June 2025, Microsoft’s security teams investigated numerous cyber incidents, finding that 80 per cent of these involved attackers trying to steal data.
“Over half of cyberattacks with known motives were driven by extortion or ransomware,” Microsoft explained, with such attacks accounting for at least 52 per cent of all incidents. In comparison, espionage-based attacks made up just four per cent.
While state-sponsored threats remain significant, the report highlights a growing trend: the majority of cyberattacks today are from opportunistic criminals seeking financial gain.
The scale of the threat is staggering. Microsoft processes over 100 trillion security signals daily, blocking around 4.5 million new malware attempts.
The report notes that cybercrime is becoming easier to execute, thanks to automation and readily available off-the-shelf tools, which enable even less technically skilled criminals to expand their operations.
Artificial intelligence (AI) has further fueled the threat, allowing cybercriminals to develop malware faster and create more convincing synthetic content, making phishing and ransomware attacks even more efficient.
This shift means that no one is immune to attack, regardless of size.
“Organisational leaders must treat cybersecurity as a core strategic priority, not just an IT issue,” the report urges.
Public services are prime targets due to their sensitive data and often limited cybersecurity resources. Hospitals and local governments, Microsoft points out, are frequent victims, with attacks causing direct and immediate harm to citizens.
A cyberattack on a hospital can result in delays in emergency medical care, disrupted services, cancelled classes, and halted transportation.
Though less frequent, nation-state attacks are becoming more extensive. China continues its broad espionage campaign, while Iran is expanding its targets to industries like shipping and logistics. Russia has broadened its attacks beyond Ukraine, focusing on small businesses in NATO countries. North Korea’s attacks focus on generating revenue and espionage, using remote IT workers to funnel funds back to the regime.
Perhaps the most concerning trend is how attackers gain access.
“Adversaries aren’t breaking in, they’re signing in,” Microsoft stated.
Identity-based attacks surged by 32 per cent in the first half of 2025, with more than 97 per cent of these resulting from simple password attacks exploiting credential leaks and “infostealer” malware.
Despite the increasing sophistication of cyber threats, Microsoft stresses a surprisingly simple solution: implementing phishing-resistant multifactor authentication (MFA). “MFA can block over 99 per cent of identity-based attacks,” even when the attacker has the correct username and password, Microsoft said. – October 21, 2025