Microsoft's New Threat Report Issues a High-alert Warning for Africa

Microsoft has just released its 2025 Digital Defense Report, and it paints a serious picture of cyber threats growing all over the world, especially in Africa. In fact, the report says Africa is now a testing ground for some of the most advanced cyber attacks out there.

Looking at over 100 trillion daily security signals, Microsoft’s new threat report shows cybercriminals are expanding their reach, focusing more on North Africa and other digital hotspots across the continent. It also points out that nation-state hackers are using artificial intelligence (AI) to make their attacks smarter. They’re exploiting trusted digital platforms and targeting important industries with great precision.

Kerissa Varma, Microsoft’s Chief Security Advisor for Africa, warns, “Africa isn’t just a target; it has become a proving ground for the latest cyber threats. Attackers are using AI to create phishing messages in local languages, pretend to be trusted people, and exploit the platforms we all rely on.”

The report reveals that almost 80% of cyber incidents Microsoft investigated last year were about stealing data, mostly driven by money rather than spying. This matches findings from the World Economic Forum’s Cybercrime Impact Atlas Report 2025, which says even though more arrests have happened in 19 African countries, the cost of cybercrime keeps rising.

Microsoft's new threat report issues warning for Africa

Cybercrime’s financial impact jumped from $192 million to $484 million, while the number of victims more than doubled, from 35,000 to 87,000, in just one year.

One of the worst cyber threats highlighted is Business Email Compromise (BEC). Even though BEC only made up 2% of cyber activity, it caused 21% of successful attacks, more than ransomware, which caused 16%. These scams usually start with phishing or password attacks, then move on to trickier tactics like messing with multi-factor authentication, changing inbox rules, and hijacking email threads.

South Africa stands out in the report as a major hotspot for BEC setups and recruiting money mules. A group called Storm-2126, originally from Nigeria but operating in South Africa since 2017, has been targeting U.S. real estate and law firms.

Another big change is the rise of multi-stage attacks powered by AI. These attacks combine tech hacks, social engineering, and abuse of infrastructure. AI-based phishing now has a 54% click rate, more than four times higher than old-style phishing, and can make attacks up to 50 times more profitable.

Microsoft’s new threat report also points out a 195% global rise in AI-generated fake identities. These fake IDs help attackers dodge verification and launch attacks from throwaway accounts.

Varma advises African business leaders: “Trust alone isn’t enough anymore. Even the tools and platforms we trust can be used against us. Early warning signs like stolen login details should alert us to bigger breaches ahead.”

To fight these risks, Microsoft has launched its Secure Future Initiative (SFI), the company’s biggest cybersecurity project ever. This program aims to build security into every part of Microsoft’s products and services.

With smart cybersecurity and AI defenses, Microsoft believes Africa can become a key player in stopping cyber threats and building stronger, safer digital networks. Varma says this shift can help African organizations grow more secure and resilient in the face of these new challenges.

Was this information useful? Drop a nice comment below. You can also check out other useful contents by following us on X/Twitter @siliconafritech, Instagram @Siliconafricatech, or Facebook @SiliconAfrica.