Microsoft’s 2025 Digital Defense Report delivers one of the most comprehensive analyses of the global cyberthreat landscape to date, capturing insights from over 100 trillion daily security signals. The report reveals how nation-state actors and cybercriminals are evolving rapidly, weaponizing artificial intelligence and exploiting trusted digital platforms to target high-value sectors across the world — with Africa emerging as a key testing ground for these attacks.
According to Kerissa Varma, Microsoft’s Chief Security Advisor for Africa, “Africa isn’t just a target, it has become a proving ground for the latest cyber threats.” She explains that attackers are now using AI to create phishing content tailored to local languages and cultural nuances, impersonate familiar individuals, and manipulate commonly used platforms — tactics that are being refined and deployed from within the continent itself.
The Changing Nature of Cyber Threats in Africa
Microsoft’s findings show that in 80% of cyber incidents reported over the past year, attackers aimed to steal data, driven mainly by financial gain rather than political or intelligence motives. Supporting this, the World Economic Forum’s Cybercrime Impact Atlas 2025 revealed that the total value of cyberattacks in Africa rose dramatically — from $192 million to $484 million — while the number of victims grew from 35,000 to 87,000 across 19 countries.
Among these, Business Email Compromise (BEC) emerged as the most financially damaging form of cyberattack. Although BEC accounted for only 2% of total incidents, it was responsible for 21% of successful breaches. Attackers typically begin with phishing or password spraying, then move on to inbox manipulation, multi-factor authentication tampering, and email thread hijacking.
The report singles out South Africa as a significant hub for BEC infrastructure and money mule recruitment. It highlights Storm-2126, a Nigerian-origin threat group operating from South Africa since 2017, known for targeting real estate, legal, and tile manufacturing firms in the United States.
AI Use in Cyberattacks
Artificial intelligence is reshaping the cybercrime ecosystem. Microsoft reports that AI-enhanced phishing campaigns now achieve a 54% click-through rate — a staggering 4.5 times higher than traditional methods — and can increase criminal profitability up to 50-fold.
New attack techniques like ClickFix, which deceive users into manually executing malicious code, and impersonation attacks through Microsoft Teams, are enabling criminals to bypass traditional security systems. The report also notes a 195% global rise in AI-generated identities, which are increasingly being used to bypass verification checks and exploit free software trials for malicious activity.
Building Cyber Resilience in Africa
Kerissa Varma emphasized that this moment represents a turning point for African enterprises. “Defenders must fundamentally rethink their approaches to cyber resilience. Relying on trust alone is no longer enough,” she warned.
Microsoft urges businesses to adopt AI-powered defense systems, invest in cybersecurity training, and build cross-border threat intelligence partnerships to counter evolving risks. The company believes Africa can play a strategic role in developing innovative digital defense mechanisms that not only protect local economies but also strengthen the global cybersecurity ecosystem.
Microsoft’s 2025 Digital Defense Report delivers one of the most comprehensive analyses of the global cyberthreat landscape to date, capturing insights from over 100 trillion daily security signals. The report reveals how nation-state actors and cybercriminals are evolving rapidly, weaponizing artificial intelligence and exploiting trusted digital platforms to target high-value sectors across the world — with Africa emerging as a key testing ground for these attacks.
According to Kerissa Varma, Microsoft’s Chief Security Advisor for Africa, “Africa isn’t just a target, it has become a proving ground for the latest cyber threats.” She explains that attackers are now using AI to create phishing content tailored to local languages and cultural nuances, impersonate familiar individuals, and manipulate commonly used platforms — tactics that are being refined and deployed from within the continent itself.
The Changing Nature of Cyber Threats in Africa
Microsoft’s findings show that in 80% of cyber incidents reported over the past year, attackers aimed to steal data, driven mainly by financial gain rather than political or intelligence motives. Supporting this, the World Economic Forum’s Cybercrime Impact Atlas 2025 revealed that the total value of cyberattacks in Africa rose dramatically — from $192 million to $484 million — while the number of victims grew from 35,000 to 87,000 across 19 countries.
Among these, Business Email Compromise (BEC) emerged as the most financially damaging form of cyberattack. Although BEC accounted for only 2% of total incidents, it was responsible for 21% of successful breaches. Attackers typically begin with phishing or password spraying, then move on to inbox manipulation, multi-factor authentication tampering, and email thread hijacking.
The report singles out South Africa as a significant hub for BEC infrastructure and money mule recruitment. It highlights Storm-2126, a Nigerian-origin threat group operating from South Africa since 2017, known for targeting real estate, legal, and tile manufacturing firms in the United States.
AI Use in Cyberattacks
Artificial intelligence is reshaping the cybercrime ecosystem. Microsoft reports that AI-enhanced phishing campaigns now achieve a 54% click-through rate — a staggering 4.5 times higher than traditional methods — and can increase criminal profitability up to 50-fold.
New attack techniques like ClickFix, which deceive users into manually executing malicious code, and impersonation attacks through Microsoft Teams, are enabling criminals to bypass traditional security systems. The report also notes a 195% global rise in AI-generated identities, which are increasingly being used to bypass verification checks and exploit free software trials for malicious activity.
Building Cyber Resilience in Africa
Kerissa Varma emphasized that this moment represents a turning point for African enterprises. “Defenders must fundamentally rethink their approaches to cyber resilience. Relying on trust alone is no longer enough,” she warned.
Microsoft urges businesses to adopt AI-powered defense systems, invest in cybersecurity training, and build cross-border threat intelligence partnerships to counter evolving risks. The company believes Africa can play a strategic role in developing innovative digital defense mechanisms that not only protect local economies but also strengthen the global cybersecurity ecosystem.
