Cyberattacks are surging in both scale and sophistication, and financial motives now drive most of this activity, according to Microsoft’s Digital Defense Report 2025. Analyzing threat data from over 100 trillion daily signals, Microsoft warns that both criminals and nation-states are weaponizing AI, putting global cybersecurity at unprecedented risk.

Identity crisis: Over the past year, identity-based threats surged by 32%, and Microsoft reports that more than 97% of these were password attacks—typically bulk credential-guessing campaigns leveraging leaked login data. The good news: the company insists that phishing-resistant multifactor authentication (MFA) can prevent over 99% of these breaches, even when attackers possess valid credentials.

AI arms-race: The report highlights how generative AI is reshaping the battlefield. Cybercriminals are using AI to accelerate malware development, automate phishing, craft deepfakes, and identify vulnerabilities more rapidly. Conversely, defenders, including Microsoft itself, are using AI to plug detection gaps, thwart phishing attempts, and shield vulnerable users. Still, the race is tight. “Legacy security measures are no longer enough,” the company warns, urging organizations to adopt AI-driven defenses and collaborate across sectors and borders.

Ransomware dominates motives: Microsoft also disclosed that “over half of cyberattacks with known motives were driven by extortion or ransomware… while attacks focused solely on espionage made up just 4%.” This underscores a broader trend: most attackers today are profit-motivated, not ideological. Yet nation-state threats remain significant. Russia, China, Iran, and North Korea have reportedly ramped up AI usage in espionage and influence operations. Microsoft detected over 200 cases in July 2025 alone where foreign adversaries employed AI to produce fake online content—more than double the previous year and ten times the figure from 2023.

American vulnerability: The United States continues to be the most targeted country, accounting for nearly 25% of all observed cyber incidents. Many of the victims, the report notes, operate on legacy systems ill-equipped to withstand modern threats. Public services, especially hospitals and municipalities, are particularly vulnerable due to limited resources and aging software. “Ransomware actors in particular focus on these critical sectors because of the targets’ limited options,” Microsoft notes—often forcing victims to pay quickly or risk catastrophic consequences.

Microsoft calls cybersecurity not just a technical issue but a matter of governance. “Governments must build frameworks that signal credible and proportionate consequences for malicious activity,” the company argues. The stakes, clearly, are rising.