Extortion and Ransomware Drive Over Half of Cyberattacks — Sometimes Using AI, Microsoft Finds (microsoft.com)
- News link: https://it.slashdot.org/story/25/10/19/0238212/extortion-and-ransomware-drive-over-half-of-cyberattacks-sometimes-using-ai-microsoft-finds
- Source link: https://blogs.microsoft.com/on-the-issues/2025/10/16/mddr-2025/
And Microsoft's [2]annual digital threats report found operations expanding even more through AI, with cybercriminals "accelerating malware development and creating more realistic synthetic content, enhancing the efficiency of activities such as phishing and ransomware attacks."
> [L]egacy security measures are no longer enough; we need modern defenses leveraging AI and strong collaboration across industries and governments to keep pace with the threat...
>
> Over the past year, both attackers and defenders harnessed the power of generative AI. Threat actors are using AI to boost their attacks by automating phishing, scaling social engineering, creating synthetic media, finding vulnerabilities faster, and creating malware that can adapt itself... For defenders, AI is also proving to be a valuable tool. Microsoft, for example, uses AI to spot threats, close detection gaps, catch phishing attempts, and protect vulnerable users. As both the risks and opportunities of AI rapidly evolve, organizations must prioritize securing their AI tools and training their teams...
>
> Amid the growing sophistication of cyber threats, one statistic stands out: more than 97% of identity attacks are password attacks. In the first half of 2025 alone, identity-based attacks surged by 32%. That means the vast majority of malicious sign-in attempts an organization might receive are via large-scale password guessing attempts. Attackers get usernames and passwords ("credentials") for these bulk attacks largely from credential leaks. However, credential leaks aren't the only place where attackers can obtain credentials. This year, we saw a surge in the use of infostealer malware by cybercriminals...
>
> Luckily, the solution to identity compromise is simple. The implementation of phishing-resistant multifactor authentication (MFA) can stop over 99% of this type of attack even if the attacker has the correct username and password combination.
"Security is not only a technical challenge but a governance imperative..." Microsoft adds in their blog post. "Governments must build frameworks that signal credible and proportionate consequences for malicious activity that violates international rules." (The report also found that America is the #1 most-targeted country — and that many U.S. companies have outdated cyber defenses.)
But while "most of the immediate attacks organizations face today come from opportunistic criminals looking to make a profit," Microsoft writes that nation-state threats "remain a serious and persistent threat." More details [3]from the Associated Press:
> Russia, China, Iran and North Korea have sharply increased their use of artificial intelligence to deceive people online and mount cyberattacks against the United States, according to new research from Microsoft. This July, the company identified more than 200 instances of foreign adversaries using AI to create fake content online, more than double the number from July 2024 and more than ten times the number seen in 2023.
Examples of foreign espionage cited by the article:
China is continuing its broad push across industries to conduct espionage and steal sensitive data...
Iran is going after a wider range of targets than ever before, from the Middle East to North America, as part of broadening espionage operations...
"[O]utside of Ukraine, the top ten countries most affected by Russian cyber activity all belong to the North Atlantic Treaty Organization (NATO) — a 25% increase compared to last year."
North Korea remains focused on revenue generation and espionage...
There was one especially worrying finding. The report found that critical public services are often targeted, partly because their tight budgets limit their incident response capabilities, "often resulting in outdated software.... Ransomware actors in particular focus on these critical sectors because of the targets' limited options. For example, a hospital must quickly resolve its encrypted systems, or patients could die, potentially leaving no other recourse but to pay."
[1] https://blogs.microsoft.com/on-the-issues/2025/10/16/mddr-2025/
[2] https://www.microsoft.com/en-us/security/security-insider/threat-landscape/microsoft-digital-defense-report-2025
[3] https://apnews.com/article/ai-cybersecurity-russia-china-deepfakes-microsoft-ad678e5192dd747834edf4de03ac84ee
Inside job? Regardless, payments should stop (Score:2)
Of all the ransomware cases ever, what are the odds that there hasn't ever been an inside job? Don't big organizations just pay up? "Accidentally" click on a link out of "stupidity" and some powerful person/people sends some random crypto address $$$,$$$ or $,$$$,$$$.
In any case they should make it illegal to pay ransomware attacks. If anyone at say a hospital dies, charge the scammers with murder.
> I'd still prefer that to no hospital at all in the case of my life depending on it.......
Just make sure you're not an organ donor. They might start harvesting before you're dead. Instead of saving yo
Microsoft should know (Score:2)
They enable more than 50% of ransomware.
Re: (Score:2)
Indeed. And when you take into account how they corrupt the IT culture, it comes closer to 90%. I mean there are IT "experts" out there that genuinely think MS does it right and well and can be used as an example of how to do it. When in reality, MS makes beginner's mistake after beginner's mistake and is completely unable to keep up with the changing and increasing threat.
Yes. And what is the recommendation? (Score:2)
Vendor liability, regulation and certification? No? No surprise. Because that is what did it for all other engineering disciplines and finally dragged them kicking and screaming into maturity and made them reliable and dependable. As long as Microsoft with its ever 2nd and 3rd rated crap is around, that is not going to happen. They need to die.
Re: (Score:2)
Recently "... dragged kicking and screaming ..." runs a bit over-the-top. Do you not think that a ROMAN Centurion carefully watched the design/manufacture/assembly of his century's ballista "machine"? Or that makers of failing ballista escaped the flog? I also understand that medieval GUILDS were picky about apprentice training not just to limit supply, but because a just G*d was watching them construct the cathedral. Professional certification of engineers is pretty-much a 19
How can we know the percentage of espionage cases? (Score:1)
How can we know the percentage of espionage cases VS extortion? The goal of espionage is to stay discreet, and extortion to be noisy. I think that espionage cases might never be detected by the nature of it.
Re: (Score:2)
It depends. Really competent spies stay undetected. But remember not even the NSA can perform on that level consistently.
Re: (Score:1)
Indeed, but I would take those espionage statistics with a grain of salt. I think they would typically indicate the emerged part of the iceberg.
Oh the Vogonity! (Score:2)
The sheer irony of Microsoft - Microsoft, of all people/corporations - protesting about the bad effects of ransomware and extortionate demands.
I don't know if you could make up something as funny intentionally, but it's certainly beyond me.
If AI just hallucinates (Score:2)
If AI just hallucinates how can scammers use it to make actual money?
In other news.... (Score:4, Interesting)
...money drives half of crime. I mean, quantifying the number is interesting but was this written by an AI or Mr. Obvious?
> "Governments must build frameworks that signal credible and proportionate consequences for malicious activity that violates international rules."
Translation: Crime flourishes when the government looks the other way. Yes?
> For example, a hospital must quickly resolve its encrypted systems, or patients could die, potentially leaving no other recourse but to pay."
Is this scare mongering, or real?? What hospital is running life support on public networks? You know what, I'd rather not know because when you're in a life and death situation, the closest hospital is the best one and it probably is running BloodPumperPro on the internal LAN and, unfortunately, I'd still prefer that to no hospital at all in the case of my life depending on it.......
Re: (Score:3)
> I'd rather not know because when you're in a life and death situation, the closest hospital is the best one and it probably is running BloodPumperPro on the internal LAN
This is the biggest problem in computer security, all the critical stuff that depends on a network connection accessible through an internet connection which is writable. Connections between the internet and critical control networks should be read-only. No critical medical or infrastructure equipment should ever have to "phone home" to verify that you still have a right to operate it. The entire idea is not only repugnant, it's literally contradictory to national security.
Re: (Score:2)
It is also the standard situation, because it is allowed and vendors are run by cheap, greedy fucks that want to squeeze the last dollar out of anything.
I have done an IT security and network audit over a large university hospital. This is not speculation on my part. And there is reason to believe privately run hospitals are much worse than what I have seen.
Re: (Score:2)
> ...money drives half of crime. I mean, quantifying the number is interesting but was this written by an AI or Mr. Obvious?
>> "Governments must build frameworks that signal credible and proportionate consequences for malicious activity that violates international rules."
> Translation: Crime flourishes when the government looks the other way. Yes?
Also, those "frameworks" are quite obvious. All other engineering disciplines have them. They are called vendor and engineering liability, certification and regulation. Obviously, makers of incredible crap like Microsoft would die, so they are working hard against any of that.
>> For example, a hospital must quickly resolve its encrypted systems, or patients could die, potentially leaving no other recourse but to pay."
> Is this scare mongering, or real?? What hospital is running life support on public networks? You know what, I'd rather not know because when you're in a life and death situation, the closest hospital is the best one and it probably is running BloodPumperPro on the internal LAN and, unfortunately, I'd still prefer that to no hospital at all in the case of my life depending on it.......
No, this is real. I have done an IT security and network audit over a major university hospital a while ago and happen to know they were not especially bad. They had things like pass-all firewalls on the border of the "medical devices
Re: (Score:2)
> Is this scare mongering, or real??
yes and no. it's a slashvertisement like most of what editordavid posts. the author is a lawyer by training who has made her whole career working in high managerial positions at microsoft, now in something called the "customer trust counsel". meaning, she has actually no real clue about cybersecurity except having looked at tons of powerpoints in her life, just repeats what she's told in pr format, and her main purpose is to signal to microsoft customers how much microsoft cares, how hard they're working and