
Credibility Rating

4/5
High (4)

High quality. Established institution or organization with editorial oversight and accountability.

Rating inherited from publication venue: Microsoft

This annual industry report from Microsoft is relevant to AI safety discussions around dual-use AI capabilities, the offensive use of AI by threat actors, and governance challenges in securing AI-enabled infrastructure at scale.

Metadata

Importance: 52/100 | organizational report | analysis

Summary

Microsoft's 2025 Digital Defense Report analyzes the current cyber threat landscape, highlighting how AI is accelerating both offensive and defensive capabilities. It documents the industrialization of cybercrime, the 87% rise in destructive cloud attacks, and the increasing role of nation-state actors, while calling for innovation, resilience, and cross-sector collaboration as defensive priorities.

Key Points

  • AI-driven phishing is 3x more effective than traditional campaigns; threat actors increasingly use AI to scale attacks and automate intrusions.
  • Destructive cloud campaigns rose 87%; adversaries are targeting cloud infrastructure, which calls for Zero Trust and resilience-by-design approaches.
  • Cybercrime-as-a-service is proliferating, with access brokers selling entry to thousands of organizations, industrializing the criminal economy.
  • Microsoft blocked $4B in fraud and 1.6M fake account sign-ups per hour, illustrating the scale at which AI-powered defenses must operate.
  • Over 40% of ransomware attacks have a hybrid component; nation-state actors are expanding their role alongside financially motivated criminals.

Cited by 1 page

Page: Cyberweapons Risk | Type: Risk | Quality: 91.0

Cached Content Preview

HTTP 200 | Fetched Apr 7, 2026 | 9 KB
2025 Microsoft Digital Defense Report (MDDR) | Security Insider

 Microsoft Digital Defense Report 2025

 Overview

 The state of cyber defense

 We are living through a defining moment in cybersecurity, where digital transformation and AI are pushing threats to new levels of speed, scale, and sophistication. Cyberattacks are no longer isolated IT issues; they shape economies, geopolitics, and public trust.

 While defenders are already using AI to block billions in fraud, compress response times from hours to minutes, and scale protections globally, meeting this moment requires innovation to stay ahead of adversaries, resilience to recover from inevitable attacks, and partnership to strengthen culture and collaboration across industries and governments.

 This is not a retrospective. It is a call to action: the threats are compounding, the timelines for attack and therefore response are shrinking, and the stakes extend far beyond IT systems. They reach into global stability, business continuity, and public trust.

 This year’s report highlights the most pressing themes in today’s threat landscape, for example the increased use of AI by threat actors, the proliferation of infostealers, the growth of cybercrime as a service, and the expanding role of nation-state threat actors. Alongside the data, it outlines clear defensive priorities, from strengthening identity and cloud resilience to disrupting criminal supply chains and building stronger partnerships.

 Key themes

 Innovation 

 Threat actors are turning to AI to scale phishing and automate intrusions. Defenders must innovate just as quickly—using AI, automation, and secure-by-default practices—to stay ahead. Last year, Microsoft thwarted $4 billion in fraud attempts and blocked 1.6 million bot-driven or fake account sign-ups every hour, demonstrating the scale of defenses needed to match the pace of adversaries. 

 Resilience

 Adversaries are increasingly attacking the cloud, with destructive campaigns up 87%. Resilience means operating through attacks, aided by security engineered into systems, supply chains, and governance. Security teams should follow the Zero Trust concept of assuming breach, and design for continuity. 

 Collaboration

 Cybercrime is industrializing, with access brokers selling entry to thousands of organizations. Defenders must counter this cybercriminal economic growth with strong partnerships across industry peers, CERTs, governments, and internally by breaking silos and embedding security across teams. 

 Speed, Scale, Sophistication

 AI-driven phishing is now three times more effective than traditional campaigns, and over 40% of ransomware attacks have a hybrid component. Defenders must counter with faste

... (truncated, 9 KB total)
Resource ID: 31a6292dc5d9663b | Stable ID: sid_kQGvZy0RJu