Date: 2025-10-24

Emma Okonji

The Microsoft Digital Defense Report (MDDR 2025), released on Wednesday, has exposed how new cyber threats such as AI-generated content are flooding digital spaces, overwhelming detection systems and enabling deepfake-enabled fraud, voice cloning, and the creation of synthetic identities at scale.

The report highlights a 195 per cent global increase in AI-generated IDs used to bypass identity verification and exploit free trials or launch attacks from disposable tenants.

The MDDR 2025 report, which offered a sweeping view of the global cyber threat landscape, further explained that attackers target individuals’ and organisations’ data for financial gain, with Africa as their focus, especially South Africa, Nigeria and Egypt, where attacks are highest.

Microsoft, in the report, provided critical insights for business leaders across Africa on how to detect and disrupt the attacks.

Drawing from Microsoft’s unique vantage point and over 100 trillion daily security signals, the report highlights a significant expansion in the reach of cybercriminals over the past year, with a growing focus on North and South African countries. It also details how nation-state actors are refining their methods, harnessing artificial intelligence, exploiting trusted platforms, and targeting high-value industries with remarkable accuracy.

Analysing the report, Microsoft’s Chief Security Advisor for Africa, Kerissa Varma, said: “Africa isn’t just a target, it has become a proving ground for the latest cyber threats. We’re witnessing attackers harness AI to craft phishing messages tailored to local languages and cultural contexts, impersonate trusted individuals, and exploit the very platforms we depend on.

“Many of the advanced tactics are first tested on the African continent. Last year, 80 per cent of the cyber incidents investigated by Microsoft’s security teams revealed that attackers targeted data theft, a trend primarily motivated by financial gain rather than intelligence gathering. According to the World Economic Forum’s Cybercrime Impact Atlas Report 2025, arrests have increased across 19 African countries. However, the overall impact of cybercrime escalated sharply, as the total value of cybercrime surged from $192 million to $484 million, and the number of victims jumped from 35,000 to 87,000.”

The Digital Defense Report highlights the growing proficiency of criminal methods, with Business Email Compromise (BEC) emerging as the most financially damaging threat.

Although BEC accounted for just two per cent of observed threats, it was the outcome in 21 per cent of successful attacks, surpassing ransomware (16 per cent). These attacks often begin with phishing or password spraying, followed by inbox rule manipulation, multi-factor authentication (MFA) tampering, and email thread hijacking, tactics that enable trust-building and privilege escalation, the report said.

It further explained that South Africa has been identified as a global hotspot for BEC infrastructure setup and money mule recruitment. A case study on Storm-2126, a Nigerian-origin threat actor operating out of South Africa since 2017, illustrates the transnational nature of these attacks, which have targeted US real estate firms, law practices, and tile companies.

The report also highlighted a dramatic shift in attacker behaviour, with adversaries now favouring multi-stage attack chains that blend technical exploits, social engineering, and infrastructure abuse. Tactics such as ClickFix, where users are tricked into manually executing malicious code, and impersonation via Microsoft Teams are enabling attackers to bypass traditional defenses and gain remote access under the guise of IT support, the report said.

“This is a pivotal moment for African business leaders. Defenders must fundamentally rethink their approaches to cyber resilience. Relying on trust alone is no longer enough – familiar platforms and tools can be turned against us. Critical cyberattacks often unfold beyond the reach of traditional endpoint detection, and early warning signs like credential theft should be treated as indicators of potentially larger breaches. By investing in comprehensive cybersecurity strategies and leveraging AI-powered defenses, Africa can position itself as a crucial front line against emerging threats and help build stronger, more resilient digital ecosystems,” Varma said.