Microsoft has unveiled its 2025 Digital Defense Report, offering a sweeping view of the global cyberthreat landscape and providing critical insights for business leaders across Africa.
Drawing from Microsoft’s unique vantage point and over 100 trillion daily security signals, the report highlights a significant expansion in the reach of cybercriminals over the past year, with a growing focus on North African countries.
It also details how nation-state actors are refining their methods, harnessing artificial intelligence, exploiting trusted platforms, and targeting high-value industries with remarkable accuracy.
“Africa isn’t just a target, it has become a proving ground for the latest cyber threats,” said chief security advisor for Microsoft Africa, Kerissa Varma.
“We’re witnessing attackers harness AI to craft phishing messages tailored to local languages and cultural contexts, impersonate trusted individuals, and exploit the very platforms we depend on. Many of these advanced tactics are first tested right here on the continent.”
Last year, in 80% of the cyber incidents investigated by Microsoft’s security teams, attackers targeted data theft, a trend primarily motivated by financial gain rather than intelligence gathering.
According to the World Economic Forum’s Cybercrime Impact Atlas Report 2025, arrests have increased across 19 African countries. However, the overall impact of cybercrime escalated sharply: the total value of cybercrime surged from $192 million to $484 million, and the number of victims jumped from 35,000 to 87,000.
The Digital Defense Report highlights the growing proficiency of criminal methods, with Business Email Compromise (BEC) emerging as the most financially damaging threat.
Although BEC accounted for just two percent of observed threats, it was the outcome in 21 percent of successful attacks, surpassing ransomware (16 percent).
These attacks often begin with phishing or password spraying, followed by inbox rule manipulation, multi-factor authentication (MFA) tampering, and email thread hijacking; tactics that enable trust-building and privilege escalation.
South Africa is identified as a global hotspot for BEC infrastructure setup and money mule recruitment. A case study on Storm-2126, a Nigerian-origin threat actor operating out of South Africa since 2017, illustrates the transnational nature of these attacks, which have targeted U.S. real estate firms, law practices, and tile companies.
The report also highlights a dramatic shift in attacker behavior, with adversaries now favouring multi-stage attack chains that blend technical exploits, social engineering, and infrastructure abuse.
Tactics such as ClickFix, where users are tricked into manually executing malicious code, and impersonation via Microsoft Teams are enabling attackers to bypass traditional defenses and gain remote access under the guise of IT support.
Artificial Intelligence is rapidly transforming the threat landscape. AI-enhanced phishing campaigns now achieve a 54 percent click-through rate – 4.5 times higher than traditional methods – and potentially boosting profitability by up to 50-fold.
Attackers are deploying autonomous malware capable of lateral movement and privilege escalation without human oversight. Meanwhile, AI-generated content is flooding digital spaces, overwhelming detection systems and enabling deepfake-enabled fraud, voice cloning, and the creation of synthetic identities at scale.
Microsoft reported a 195 percent global increase in AI-generated IDs used to bypass identity verification, exploit free trials or launch attacks from disposable tenants.
“This is a pivotal moment for African business leaders. Defenders must fundamentally rethink their approach to cyber resilience. Relying on trust alone is no longer enough – familiar platforms and tools can be turned against us.”
“Critical cyberattacks often unfold beyond the reach of traditional endpoint detection, and early warning signs like credential theft should be treated as indicators of potentially larger breaches.”
“By investing in comprehensive cybersecurity strategies and leveraging AI-powered defenses, Africa can position itself as a crucial front line against emerging threats and help build stronger, more resilient digital ecosystems,” concluded Varma.
Microsoft’s Secure Future Initiative, the largest cybersecurity engineering project in its history, is helping organisations in Africa build resilience against these emerging threats.
The initiative is evolving the way Microsoft designs, builds, tests, and operates its products and services, to achieve the highest possible standards for security.
Explore the full findings of the Microsoft Digital Defense Report 2025 here.
