Microsoft warns that ransomware attacks continue to increase. According to the tech giant’s Digital Defense report 2025, already more than half of all cyberattacks were motivated by financial gain and therefore involved various forms of ransomware. In as many as 80 percent of all attacks, the goal was to steal data from the systems of companies and government agencies.
Microsoft’s research also produced interesting information regarding the red-hot geopolitical situation. Only 4 percent of cyberattacks were related to espionage conducted by companies or states. According to the company, state-sponsored attacks remain a threat, but the primary cybersecurity threat to organizations comes from ordinary criminal groups.
In the report, Microsoft monitored cyber threats from July 2024 to June 2025 and four rising trends were noted.
1. Critical services are the new prime targets
Researchers first highlight a new main focus for cybercriminals, critical public services. Increasingly, attacks are being directed at hospitals and public administration. These organizations store sensitive information and are perceived to have weak cybersecurity due to tight budgets and otherwise limited resources. Ransomware attacks especially target critical services because these organizations must restore their systems quickly and therefore often end up paying the demanded ransom. Sensitive data may also be sold.
2. State actors strike more broadly
The second emerging trend is the expansion of cyberattacks by state actors. Although the overall share of these attacks remains small, they have broadened to include espionage and even financial gain. Motivations are often geopolitical, and therefore the targets include communications, research, and academia. Microsoft’s researchers point to China, Iran, Russia, and North Korea.
3. Growing use of AI
According to Microsoft, artificial intelligence is playing an increasing role in executing attacks. It is used to automate and enhance operations. Phishing and social engineering, in particular, have exploded with the rise of AI, and even state actors now use these techniques. However, researchers emphasize that AI is also a valuable tool for defenders, enabling more effective detection and prevention of attacks.
4. Breaking in is no longer necessary
Finally, the report highlights new types of attacks in which there is no need to technically “break into” an organization’s systems. Instead, through social engineering and other tricks, criminals can log in using stolen credentials.
However, social engineering and other credential leaks are not the only means criminals use to obtain corporate login details. According to the report, the use of infostealer malware by cybercriminals has increased significantly this year. Such malware can secretly collect credentials and information from online accounts, such as browser session tokens. Cybercriminals can purchase this stolen data from cybercrime forums and easily access accounts, for example, to deploy ransomware.
Microsoft therefore recommends that companies implement strong multi-factor authentication. According to researchers, it prevents 99 percent of identity-based attacks.
Read the full report:
https://www.microsoft.com/en-us/corporate-responsibility/cybersecurity/microsoft-digital-defense-report-2025/
AI generated image on page