Most cyberattacks are financially motivated, Microsoft study says
In 80% of all cybersecurity incidents that Microsoft’s security teams investigated last year, attackers tried to steal personal or other sensitive information via illegally obtained login credentials. In over half of these cases, the attackers were fueled by financial gain rather than intelligence gathering. Nation-state actors remain the most important threat.
These are some of the key findings in Microsoft’s sixth annual Digital Defense Report, which was published on Thursday and covers Cybercrime trends between July 2024 and June 2025.
Cyber threats most frequently impact people in the United States. According to Microsoft, approximately a quarter of all cyberattacks (23.7%) took place in the US, followed by the United Kingdom (5.9%), Germany (3.4%), Israel (3.1%), and Ukraine (2.8%).
Malicious actors remain focused on attacking critical public services, such as emergency services, hospitals, schools, transportation, and political institutions. These targets are attractive because they store lots of sensitive data and have tight cybersecurity budgets with limited incident response capabilities. In addition, they have limited options once they have been targeted by threat actors.
“While cybercriminals are the biggest cyber threat by volume, nation-state actors still target key industries and regions, expanding their focus on espionage and, in some cases, on financial gain,” the Microsoft researchers say.
For example, China and Iran continue to target businesses and organizations with lots of sensitive data to conduct espionage and steal confidential information. North Korean hackers, on the other hand, remain focused on revenue generation and espionage. Russian state-affiliated actors have not only targeted Ukraine, but small businesses in countries supporting Ukraine as well.
Another trend observed over the past 12 months is that both attackers and defenders have relied more heavily on the power of generative AI.
Threat actors have been using AI to boost their attacks by automating phishing, scaling social engineering, creating synthetic media, finding vulnerabilities faster, and creating malware that can adapt itself. Defenders have used AI to spot threats, close detection gaps, catch phishing attempts, and protect vulnerable users.
One of the most worrisome conclusions is that threat actors use login credentials to gain access to corporate networks. Usernames and passwords aren’t solely obtained from credential leaks at third parties or bought on the dark web – they’re also gathered via infostealer malware or so-called “access brokers.” These are individuals who compromise systems within organizations and then sell access to these machines to other criminals.
According to Microsoft, the solution to identity compromise is simple. For individuals, simple steps like using strong security tools, especially phishing-resistant multifactor authentication (MFA), make a big difference, as MFA can block over 99% of identity-based attacks, even if the attacker has the correct username and password combination.
“As threat actors grow more sophisticated, persistent, and opportunistic, organizations must stay vigilant, continually updating their defenses and sharing intelligence,” Microsoft concludes in its Digital Defense Report.
Governments have to play their part by building frameworks that provide economic stability, good governance, personal safety, and minimize the risks of cyber threats.
Unlock more exclusive Cybernews content on YouTube.
