Hackers are stealing the keys and walking through the front door, and AI is helping them turn the handle

  • Microsoft's Digital Defense Report reveals the latest cybersecurity trends
  • Hackers and defenders are turning to AI to boost productivity
  • Nation-state hackers are launching even more attacks

With great power comes great responsibility, but in the case of artificial intelligence Uncle Ben’s words aren’t hitting home.

Hackers are increasingly integrating AI into their attack patterns, using it to craft convincing phishing emails to steal login credentials.

After all, why battle with cyber defenses that an organization has spent tens of thousands of dollars on when you can simply steal the keys and walk through the door? But there is hope…

Panning for digital gold

Microsoft’s sixth Digital Defense Report (DDR), released today, has found that over 80% of the attacks investigated by Microsoft’s security teams were in pursuit of data. Hackers are earning big bucks by accessing systems, stealing and then encrypting or deleting data, and then ransoming the data back to the victim.

While the hackers may be financially motivated, the attacks have real-world consequences. Recent trends have shown that attackers are turning towards critical health services and government systems, particularly those that rely on outdated hardware or lack the funds to mount a proper defense.

After being hit by ransomware, hospitals and care facilities are more inclined to pay to restore access to systems, or otherwise face operational delays and even patient deaths. Humans remain the weakest link in cybersecurity, with credentials being stolen to bypass security systems and access the heart of organizations.

Luckily, there is a simple tool that can defend against 99% of identity-based attacks. Multi-factor authentication prevents attackers from logging into accounts even if they have the correct credentials by requiring verification that the login attempt is coming from the legitimate account owner.

Authentication apps are especially effective against infostealing malware. Even if it is successfully deployed within an organization and harvesting credentials, the data it gathers is effectively useless if the attackers cannot also authenticate themselves.

AI on the rise

Attackers and defenders are increasingly turning to AI to crack and patch up cyber defenses. Rather than sending emails manually, attackers are using AI to craft convincing copy in multiple languages and then sending it out en masse.

AI is also enabling hackers to build malware that can mutate, giving it an effective camouflage against security software. In fact, AI’s usage within the cyber world has risen almost in sequence with the release of powerful new models.

Defenders are also taking advantage of AI tools for training and to spot phishing attacks, new malware, and potential threats - so there is a balance.

State-sponsored espionage on the rise

Hackers aren’t all just regular Joes taking a bet on ransoming data for a quick pay day - sophisticated nation-state actors are launching more campaigns for intelligence gathering, disruption, and financial gain.

For example, China has launched numerous high-profile campaigns over the past year, with the most prolific attack being against major US telecommunications providers. Iran is targeting western maritime commerce organizations, potentially signaling attacks against commercial shipping in the Middle East.

Microsoft also noted a significant expansion in Russian groups targeting organizations dedicated to supporting Ukraine, particularly small businesses without the budget to pay for powerful protection suites.

North Korean groups continue to seek funding for the hermit kingdom, with attackers successfully applying for jobs in targeted companies, stealing sensitive information to further tech development at home, and deploying ransomware when discovered as a way to deliver extra funds back home.

And the future?

In the 2025 DDR, Microsoft calls on governments as well as private organizations to increase intelligence sharing and training. Microsoft also believes that greater security governance could help to provide a deterrent for organizations that might pay a ransom. After all, if you remove the incentive to deploy ransomware, hackers will (theoretically) stop deploying ransomware.

Microsoft also says that fighting against the rapidly evolving security environment is a societal challenge as the economic, governmental, and social systems we rely on are in grave danger. Deterrence is the goal, with governments calling out nation-state attacks and applying sanctions, offering real world consequences for hostile nations.

Benedict Collins
Senior Writer, Security

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.
