Extortion and ransomware accounted for more than half of all cyberattacks worldwide in the past year, according to Microsoft’s latest Digital Defense Report, which highlights a dramatic rise in financially motivated cybercrime and the growing use of artificial intelligence (AI) by both attackers and defenders.
Microsoft corporate vice president for customer security and trust Amy Hogan-Burney said that 80% of the cyber incidents investigated by the company’s security teams involved data theft, with at least 52% of attacks driven by extortion or ransomware — far outpacing espionage, which made up only 4%.
“Most of the immediate attacks organizations face today come from opportunistic criminals looking to make a profit,” Hogan-Burney said.
The report, covering trends from July 2024 to June 2025, underscores how cybercrime has become a pervasive global threat. With automation and AI tools lowering technical barriers, even less-skilled attackers are able to execute complex schemes such as phishing, data breaches, and malware deployment.
Critical Services Under Siege
Microsoft warned that hospitals, local governments, and other essential service providers remain prime targets. These entities often store sensitive data and operate with limited cybersecurity budgets, leaving them vulnerable to ransomware campaigns that can disrupt healthcare, education, and emergency response.
In some cases, cyberattacks on hospitals delayed medical care and forced institutions to pay ransoms to restore access to encrypted systems. “These attacks have real-world consequences,” the report noted, urging closer collaboration between governments and industry to protect the most vulnerable sectors.
Rising Threat from Nation-States
While cybercriminals dominate by volume, nation-state actors continue to pose serious and evolving threats. Microsoft identified increasing activity from China, Iran, Russia, and North Korea:
- China has intensified cyberespionage efforts targeting NGOs and vulnerable network devices.
- Iran has broadened attacks on shipping and logistics companies, potentially positioning itself to disrupt maritime trade.
- Russia has expanded its focus beyond Ukraine, increasingly targeting small NATO-member businesses.
- North Korea continues to generate revenue through remote IT work and extortion, funneling proceeds to the regime.
The blending of state and criminal operations, Microsoft warned, is complicating efforts to attribute and respond to cyber incidents.
AI: A Double-Edged Sword
2025 marked a major inflection point in the use of generative AI in cybersecurity. Attackers are using AI to automate phishing campaigns, generate realistic fake content, and develop adaptive malware. Meanwhile, defenders are deploying AI to detect anomalies, close detection gaps, and identify phishing attempts faster.
“Everyone — from industry to government — must be proactive to keep pace with increasingly sophisticated attackers,” the report stated, emphasizing that securing AI tools is now a fundamental part of cybersecurity strategy.
Passwords Remain the Weak Link
Identity-based attacks surged 32% in the first half of 2025, with 97% of such incidents involving password breaches. Microsoft urged organizations to adopt phishing-resistant multifactor authentication (MFA), which can block over 99% of identity-based attacks even if credentials are compromised.
The company also revealed that its Digital Crimes Unit, working with the US Department of Justice and Europol, recently disrupted “Lumma Stealer,” one of the world’s most widely used credential-harvesting malware tools.
A Call for Collective Defense
Hogan-Burney stressed that cybersecurity must now be treated as a “core strategic priority” rather than a mere IT concern. Microsoft’s Secure Future Initiative seeks to strengthen defenses across its ecosystem while advocating for global collaboration and government action to deter malicious activity.
“Security is not only a technical challenge, but a governance imperative,” the report said. Governments, it added, must signal credible consequences for nation-state attacks through indictments, sanctions, and other measures.
As digital transformation accelerates and AI reshapes the threat landscape, Microsoft’s report calls for “coordinated societal action” to safeguard economies, institutions, and individuals from the growing cyber onslaught.
