AI Agents, Deepfakes and Digital Twinning: Microsoft’s Latest Threat Report Puts Africa on High Alert.

By Peace Muthoka.

New cyberthreats such as AI-enhanced phishing could make cyberattacks up to 50 times more profitable.

October 22, 2025 — Microsoft has released its 2025 Digital Defense Report, offering a comprehensive view of the global cyberthreat landscape and critical insights for business leaders across Africa. Drawing from more than 100 trillion daily security signals, the report paints a stark picture of how cybercriminals have expanded their operations over the past year, with an increasing focus on North African countries. It also reveals how nation-state actors are refining their techniques, using artificial intelligence, exploiting trusted platforms, and targeting high-value industries with growing precision.

“Africa isn’t just a target — it has become a proving ground for the latest cyber threats,” said Kerissa Varma, Microsoft’s Chief Security Advisor for Africa. “We’re witnessing attackers harness AI to craft phishing messages in local languages, impersonate trusted individuals, and exploit the very platforms we rely on. Many of these advanced tactics are first tested right here on the continent.”

Microsoft’s security teams found that in 80 percent of the cyber incidents they investigated last year, attackers were after data, mostly for financial gain rather than espionage. According to the World Economic Forum’s Cybercrime Impact Atlas Report 2025, arrests have risen across 19 African countries, but the overall cost of cybercrime has climbed sharply. Losses jumped from $192 million to $484 million, while the number of victims surged from 35,000 to 87,000.

The Digital Defense Report identifies Business Email Compromise (BEC) as the most financially damaging form of cybercrime. Although BEC represented only two percent of observed threats, it accounted for 21 percent of successful attacks, surpassing ransomware at 16 percent. These schemes often begin with phishing or password spraying, followed by inbox rule manipulation, multi-factor authentication tampering, and email thread hijacking, all designed to build trust and escalate access.

South Africa has emerged as a global hotspot for BEC operations and money mule recruitment. A case study on Storm-2126, a Nigerian-origin threat actor operating from South Africa since 2017, illustrates the cross-border nature of these crimes, which have targeted U.S. real estate firms, law practices, and tile companies.

The report also reveals that attackers are shifting toward multi-stage attack chains combining technical exploits, social engineering, and infrastructure abuse. Tactics such as ClickFix, where users are tricked into manually running malicious code, and impersonation via Microsoft Teams are helping criminals bypass traditional defenses and gain remote access by posing as IT support.

Artificial intelligence is rapidly changing the threat landscape. AI-driven phishing campaigns now achieve a 54 percent click-through rate, 4.5 times higher than conventional phishing, and can increase attackers’ profits by as much as 50 times. Criminals are using autonomous malware capable of spreading and escalating privileges without human control. At the same time, AI-generated content is flooding online spaces, overwhelming detection systems, and enabling deepfake scams, voice cloning, and the creation of fake digital identities at scale. Microsoft reports a 195 percent global surge in AI-generated IDs used to bypass verification, exploit free trials, or launch attacks from disposable accounts.

“This is a pivotal moment for African business leaders,” Varma warned. “Defenders must rethink their approach to cyber resilience. Trust alone is no longer enough; familiar platforms can be turned against us. Critical attacks often happen beyond the reach of traditional detection tools, and early signs like credential theft should be treated as indicators of larger breaches.”

Varma added that by investing in robust cybersecurity strategies and adopting AI-powered defenses, Africa can position itself as a key front line in the global fight against emerging threats while strengthening its digital ecosystems.

Microsoft’s Secure Future Initiative — the largest cybersecurity engineering effort in the company’s history — is supporting organizations across Africa in building resilience against these new dangers. The initiative is transforming how Microsoft designs, builds, tests, and operates its products and services to achieve the highest levels of security.

Readers can explore the full findings in the Microsoft Digital Defense Report 2025.
