
Extortion and Ransomware Drive Over Half of Cyberattacks — Sometimes Using AI, Microsoft Finds (microsoft.com)

Microsoft said in a blog post this week that "over half of cyberattacks with known motives were driven by extortion or ransomware... while attacks focused solely on espionage made up just 4%."

And Microsoft's annual digital threats report found operations expanding even more through AI, with cybercriminals "accelerating malware development and creating more realistic synthetic content, enhancing the efficiency of activities such as phishing and ransomware attacks."

[L]egacy security measures are no longer enough; we need modern defenses leveraging AI and strong collaboration across industries and governments to keep pace with the threat...

Over the past year, both attackers and defenders harnessed the power of generative AI. Threat actors are using AI to boost their attacks by automating phishing, scaling social engineering, creating synthetic media, finding vulnerabilities faster, and creating malware that can adapt itself... For defenders, AI is also proving to be a valuable tool. Microsoft, for example, uses AI to spot threats, close detection gaps, catch phishing attempts, and protect vulnerable users. As both the risks and opportunities of AI rapidly evolve, organizations must prioritize securing their AI tools and training their teams...

Amid the growing sophistication of cyber threats, one statistic stands out: more than 97% of identity attacks are password attacks. In the first half of 2025 alone, identity-based attacks surged by 32%. That means the vast majority of malicious sign-in attempts an organization might receive are via large-scale password guessing attempts. Attackers get usernames and passwords ("credentials") for these bulk attacks largely from credential leaks. However, credential leaks aren't the only place where attackers can obtain credentials. This year, we saw a surge in the use of infostealer malware by cybercriminals...

Luckily, the solution to identity compromise is simple. The implementation of phishing-resistant multifactor authentication (MFA) can stop over 99% of this type of attack even if the attacker has the correct username and password combination.

"Security is not only a technical challenge but a governance imperative..." Microsoft adds in their blog post. "Governments must build frameworks that signal credible and proportionate consequences for malicious activity that violates international rules." (The report also found that America is the #1 most-targeted country — and that many U.S. companies have outdated cyber defenses.)

But while "most of the immediate attacks organizations face today come from opportunistic criminals looking to make a profit," Microsoft writes that nation-state threats "remain a serious and persistent threat."

More details from the Associated Press: Russia, China, Iran and North Korea have sharply increased their use of artificial intelligence to deceive people online and mount cyberattacks against the United States, according to new research from Microsoft. This July, the company identified more than 200 instances of foreign adversaries using AI to create fake content online, more than double the number from July 2024 and more than ten times the number seen in 2023.
Examples of foreign espionage cited by the article:
  • China is continuing its broad push across industries to conduct espionage and steal sensitive data...
  • Iran is going after a wider range of targets than ever before, from the Middle East to North America, as part of broadening espionage operations...
  • "[O]utside of Ukraine, the top ten countries most affected by Russian cyber activity all belong to the North Atlantic Treaty Organization (NATO) — a 25% increase compared to last year."
  • North Korea remains focused on revenue generation and espionage...

There was one especially worrying finding. The report found that critical public services are often targeted, partly because their tight budgets limit their incident response capabilities, "often resulting in outdated software.... Ransomware actors in particular focus on these critical sectors because of the targets' limited options. For example, a hospital must quickly resolve its encrypted systems, or patients could die, potentially leaving no other recourse but to pay."


  • by PDXNerd ( 654900 ) on Sunday October 19, 2025 @08:33AM (#65735964)

    ...money drives half of crime. I mean, quantifying the number is interesting but was this written by an AI or Mr. Obvious?

    "Governments must build frameworks that signal credible and proportionate consequences for malicious activity that violates international rules."

    Translation: Crime flourishes when the government looks the other way. Yes?

    For example, a hospital must quickly resolve its encrypted systems, or patients could die, potentially leaving no other recourse but to pay."

    Is this scare mongering, or real?? What hospital is running life support on public networks? You know what, I'd rather not know because when you're in a life and death situation, the closest hospital is the best one and it probably is running BloodPumperPro on the internal LAN and, unfortunately, I'd still prefer that to no hospital at all in the case of my life depending on it.......

    • I'd rather not know because when you're in a life and death situation, the closest hospital is the best one and it probably is running BloodPumperPro on the internal LAN

      This is the biggest problem in computer security, all the critical stuff that depends on a network connection accessible through an internet connection which is writable. Connections between the internet and critical control networks should be read-only. No critical medical or infrastructure equipment should ever have to "phone home" to verify that you still have a right to operate it. The entire idea is not only repugnant, it's literally contradictory to national security.

  • Of all the ransomware cases ever, what are the odds that there hasn't ever been an inside job? Don't big organizations just pay up? "Accidentally" click on a link out of "stupidity" and some powerful person/people sends some random crypto address $$$,$$$ or $,$$$,$$$.

    In any case they should make it illegal to pay ransomware attacks. If anyone at say a hospital dies, charge the scammers with murder.

    I'd still prefer that to no hospital at all in the case of my life depending on it.......

    Just make sure you're not an organ donor. They might start harvesting before you're dead. Instead of saving yo

  • They enable more than 50% of ransomware.

    • by gweihir ( 88907 )

      Indeed. And when you take into account how they corrupt the IT culture, it comes closer to 90%. I mean there are IT "experts" out there that genuinely think MS does it right and well and can be used as an example of how to do it. When in reality, MS makes beginner's mistake after beginner's mistake and is completely unable to keep up with the changing and increasing threat.

  • Vendor liability, regulation and certification? No? No surprise. Because that is what did it for all other engineering disciplines and finally dragged them kicking and screaming into maturity and made them reliable and dependable. As long as Microsoft with its ever 2nd and 3rd rated crap is around, that is not going to happen. They need to die.
