Posted by: Evans Asare
Man-in-the-Middle Attack Prevention Guide

The evolution of cyber threats: Key insights from Microsoft’s latest report

As cyber threats continue to evolve at an unprecedented pace, Microsoft’s latest cybersecurity intelligence reveals a complex landscape where artificial intelligence (AI) is both empowering defenders and enabling sophisticated criminal enterprises.

Drawing from Microsoft’s synthesis of over 75 trillion daily security signals and recent threat intelligence, several critical trends are reshaping the global cybersecurity landscape with particularly concerning implications for South Africa and the broader African continent.

The rise of AI-powered deception

The most significant development in our threat intelligence is the weaponization of AI by cybercriminals. Between April 2024 and April 2025, Microsoft thwarted $4 billion in fraud attempts, many of which incorporated AI-generated content designed to deceive victims with unprecedented sophistication.

Deepfake detection algorithms are now essential for identifying AI-generated interviews where facial expressions and speech patterns may not align naturally. This technology is being deployed by criminals in recruitment scams, CEO fraud schemes, and romantic deception campaigns across Africa.

The implications for South Africa are particularly acute, because it is becoming increasingly difficult for people to distinguish real from fake, as deepfakes—AI-generated video and audio—are being used to impersonate trusted individuals and deceive victims into handing over money or credentials. This trend represents a fundamental shift in the threat landscape, moving beyond traditional phishing emails to sophisticated audio-visual deception that can fool even security-conscious individuals.

Attacks on critical applications: the increasing battleground for SA businesses

In South Africa, attackers are increasingly exploiting vulnerabilities in critical business applications. These attacks exploit the very tools and software that organizations rely on—like web applications, APIs and cloud services—often bypassing conventional security controls.

For local financial institutions and critical infrastructure, this represents an area of risk that requires immediate attention.

These attacks target the very services that have become essential to South Africa’s digital economy. Banking applications, e-commerce platforms, utility services and government digital services are increasingly at risk from attackers who mimic legitimate application usage to go unnoticed or gain advanced access to systems and data. When the systems that support our economy are threatened, the impact on businesses and economic stability has far-reaching consequences that are not easy to recover from.

Education sector under siege

A particularly concerning trend identified in our threat intelligence is the targeting of educational institutions. Education and research became the second-most targeted sector by nation-state threat actors in 2024. These institutions, offering intelligence on research and policy, are often used as testing grounds by threat actors before they pursue their actual targets.

For South Africa, this poses risks not only to academic institutions but to the broader knowledge economy. Universities and research institutions that are developing critical technologies, policy frameworks, and educational resources are becoming stepping stones for more significant attacks on government and private sector targets.

South African cyber threat landscape: local challenges

Based on extensive field research and threat monitoring across the African continent, several South Africa-specific threats have emerged that require immediate attention:

Romance and investment scams

South African consumers are increasingly targeted by sophisticated romance scams that now incorporate AI-generated profile images and even voice synthesis. These scams often begin on social media platforms and migrate to messaging applications, where criminals establish long-term relationships before requesting financial assistance or investment opportunities.

WhatsApp Business impersonation

Criminals are creating fake WhatsApp Business accounts that impersonate legitimate South African retailers, banks, and service providers. These accounts use official logos and branding to trick consumers into sharing personal information or making payments for nonexistent goods and services.

Cryptocurrency and investment fraud

The growing interest in cryptocurrency among South Africans has created opportunities for sophisticated investment scams. These operations often feature fake celebrity endorsements, fabricated news articles, and professional-looking websites that disappear once victims transfer funds.

SIM swap attacks

Despite regulatory efforts, SIM swap attacks remain prevalent in South Africa. Criminals use social engineering to convince mobile network operators to transfer victims’ phone numbers to SIM cards under their control, enabling them to bypass two-factor authentication and access banking and social media accounts.

Ransomware targeting SMEs

Small and medium enterprises across South Africa are increasingly targeted by ransomware groups who recognize that these businesses often lack enterprise-grade security infrastructure but possess valuable data and the ability to pay ransoms to resume operations. 

The IoT challenge

With more than 41 billion IoT devices across enterprise and consumer environments expected by 2025, devices such as cameras, smart speakers, or locks and commercial appliances can become entry points for attackers. South Africa’s rapid adoption of smart city technologies and IoT devices in both residential and commercial settings creates an expanded attack surface that requires careful security consideration.

Collective defence: a collaborative approach

The scale and sophistication of modern cyber threats require collaborative responses. As I noted in previous discussions about South Africa’s cybersecurity landscape, addressing cybersecurity in a hyper-connected digital world requires collective commitment and action.

Microsoft’s threat intelligence demonstrates that no single organization, regardless of size or resources, can effectively defend against the full spectrum of modern threats alone. The integration of AI into both attack and defense strategies requires sharing threat intelligence, best practices, and collaborative response mechanisms.

Author: Evans Asare