Cybercriminals are weaponizing artificial intelligence to accelerate malware development, discover vulnerabilities faster, and create more sophisticated phishing campaigns, according to Microsoft’s latest Digital Defense Report covering trends from July 2024 through June 2025.
In 80% of the cyber incidents Microsoft investigated last year, attackers sought to steal data primarily for profit rather than intelligence gathering.
The rise of AI-powered attacks has lowered the barrier to entry for cybercriminals, enabling even those with limited technical expertise to launch devastating campaigns.
The report reveals that financial motives now drive the vast majority of cyberattacks, with over 52% of incidents fueled by extortion or ransomware.
Microsoft processes more than 100 trillion signals daily, blocking approximately 4.5 million new malware attempts while analyzing 38 million identity risk detections and screening 5 billion emails for malware and phishing.
Despite this massive defensive effort, threat actors continue to exploit AI’s capabilities to automate attack processes, scale social engineering operations, and create synthetic media that enhances the realism of their campaigns.
AI Transforms Both Attack and Defense Strategies
The report emphasizes that 2025 marked a significant escalation in AI adoption by both attackers and defenders.
Threat actors now leverage generative AI to automate phishing campaigns, discover software vulnerabilities at unprecedented speeds, and develop adaptive malware that can modify its behavior to evade detection.
Nation-state actors have also incorporated AI into cyber influence operations, making their efforts more advanced, scalable, and targeted over the past six months.
While AI enhances attacker capabilities, Microsoft highlights that defenders are also harnessing the technology’s power.
The company uses AI systems to spot threats, close detection gaps, catch phishing attempts, and protect vulnerable users.
However, this technological arms race requires organizations to prioritize securing their AI tools and training their teams to stay ahead of increasingly sophisticated adversaries.
Malicious actors continue focusing attacks on critical public services where compromises create immediate real-world impacts. Hospitals and local governments face heightened risk due to tight cybersecurity budgets, limited incident response capabilities, and outdated software.
The past year witnessed cyberattacks causing delayed emergency medical care, disrupted emergency services, canceled school classes, and halted transportation systems.
Ransomware actors specifically target these sectors because victims have limited options when systems are encrypted.
Hospitals, for instance, must quickly restore operations or risk patient lives, often leaving payment as the only recourse. Additionally, these institutions store sensitive data that criminals monetize through illicit dark web marketplaces, fueling downstream criminal activity.
Geopolitical objectives continue to drive a surge in state-sponsored cyber activity, with a notable expansion in targeting communications, research, and academia.
Identity Attacks Surge by 32 Percent
The report reveals a concerning trend in identity-based attacks, with more than 97% targeting passwords through large-scale guessing attempts using leaked credentials. Identity attacks surged by 32% in the first half of 2025 alone.
Cybercriminals increasingly deploy infostealer malware to harvest credentials and browser session tokens at scale, then sell this information on cybercrime forums.
However, Microsoft emphasizes that phishing-resistant multifactor authentication (MFA) can block over 99% of these attacks, even when attackers possess correct username and password combinations.


In May, Microsoft’s Digital Crimes Unit disrupted Lumma Stealer, the most popular infostealer malware, in collaboration with the US Department of Justice and Europol.
While cybercriminals represent the biggest threat by volume, nation-state actors continue targeting key industries and regions for espionage and financial gain.
China accelerates espionage across industries and has become faster at weaponizing newly disclosed vulnerabilities. Iran broadens targeting from the Middle East to North America, while Russia expands beyond Ukraine to target small businesses in NATO countries—representing a 25% increase from last year. North Korea remains focused on revenue generation through remote IT worker schemes and extortion.
The report concludes that legacy security measures no longer suffice against these evolving threats.
Organizations must treat cybersecurity as a core strategic priority, implementing modern defenses that leverage AI and fostering strong collaboration across industries and governments to build collective deterrence against increasingly sophisticated adversaries.