-
- |
-
Digital Defense Report: Ransomeware and Extortion Now the Primary Motive for Over Half of Cyberattacks
Digital Defense Report: Ransomeware and Extortion Now the Primary Motive for Over Half of Cyberattacks
Microsoft has released its 2025 Digital Defense Report (MDDR), mapping the global cyber threat landscape based on trend analysis from July 2024 to June 2025. The primary finding is clear: financial motives now dominate the world of cybercrime.
According to the report, over half (52%) of all cyberattacks with a known motive were driven by extortion or ransomware.
The report, co-authored by Microsoft's Chief Information Security Officer Igor Tsyganskiy, emphasizes that while threats from nation-state actors remain serious, the majority of attacks organizations face today come from opportunistic criminals seeking financial gain.
Data Theft Drives Attacks
Another key finding is that in 80% of cyber incidents investigated by Microsoft's security teams, the attacker attempted to steal data. This trend is driven more by financial gain than by espionage or intelligence gathering. In comparison, attacks purely focused on espionage accounted for only 4% of total incidents.
Cybercrime has become a universal threat targeting everyone—both large and small organizations. Advances in automation and the availability of off-the-shelf hacking tools have allowed actors with limited technical expertise to significantly expand their operations.
AI Accelerates Both Attacks and Defenses
As predicted, artificial intelligence (AI) is now being used by both sides of the conflict:
-
Attackers: Use AI to accelerate malware development and create more realistic and effective synthetic content (like phishing emails).
-
Defenders: Microsoft itself uses AI to process over 100 trillion threat signals daily, helping to detect phishing and protect users.
Critical Services Are Prime Targets
Ransomware actors specifically focus on critical sectors such as hospitals and local governments. The primary reasons are that these organizations:
-
Store highly sensitive data.
-
Often have limited cybersecurity budgets and outdated software.
-
Have limited options other than paying the ransom (e.g., a hospital must quickly restore encrypted systems to avoid fatal patient outcomes).
Attackers Are 'Signing In,' Not 'Breaking In'
One of the most striking statistics from the report is that over 97% of identity attacks are password attacks. Attackers are no longer bothering to "break into" systems; they are "signing in" using stolen credentials.
Info-stealing malware (infostealers) has seen a massive surge, allowing hackers to steal passwords and browser session tokens at scale. The good news is that Microsoft affirms a simple solution: phishing-resistant Multi-Factor Authentication (MFA) can block over 99% of identity-based attacks.
The report concludes that in this era of sophisticated threats, legacy security measures are no longer enough. Organizations must prioritize cybersecurity as a core strategy and build modern defenses that leverage AI.
Reference : https://blogs.microsoft.com/on-the-issues/2025/10/16/mddr-2025/
Popular article
Need Any Technology Solution
Let’s Work Together on Project
