Microsoft Releases 2025 Digital Defense Report: Highlighting the Changing Cyber Threat Landscape and the Importance of Security in the AI Era
Microsoft has released its annual Digital Defense Report 2025 (MDDR 2025), highlighting the evolving patterns of cyber threats worldwide and the growing role of artificial intelligence (AI) in digital defense. The report underscores that cyber threats have become increasingly complex and large-scale — driven by the advancement of AI now used both by threat actors and security defenders.
Between July 2024 and June 2025, 52 percent of cyberattacks worldwide were financially motivated, while 80 percent of incidents investigated by Microsoft’s security teams involved data theft or leakage. Identity-based attacks rose 32 percent in just the first half of 2025, with more than 97 percent being large-scale password attacks.
Indonesia Amid Rising Cyber Activity in the Asia-Pacific Region
Within the regional context, Indonesia ranks 12th among Asia-Pacific countries with the highest cyber activity, accounting for around 3.6 percent of total activity in the region. This data reflects the growing exposure of organizations in Indonesia to various types of attacks, such as data theft, ransomware, and infostealer malware like Lumma Stealer, which reportedly infected more than 14,000 devices in Indonesia during the first half of 2025.
“Indonesia’s rapidly growing digital economy must be matched with strong security readiness and discipline,” said Dharma Simorangkir, President Director, Microsoft Indonesia. “Cybersecurity is no longer just the responsibility of IT; it is a key part of business governance and the foundation of trust in innovation. With AI, we have both new opportunities and new responsibilities, to ensure that every organization, from startups to public institutions, can innovate securely and responsibly.”
Three Major Shifts in the Cyber Threat Landscape
- Identity-based attacks remain dominant. Pressure on credentials, from password sprays to token abuse, continues to rise. Over 97 percent of identity attacks originate from mass password-guessing attempts. Implementing phishing-resistant multifactor authentication (MFA) has proven to prevent up to 99 percent of these attacks.
- Ransomware evolves into data extortion. Threat actors are no longer just encrypting systems but also stealing sensitive data to sell or use as leverage in negotiations. Public sector organizations, including hospitals, educational institutions, and local governments, remain the most vulnerable due to limited security resources.
- Infostealers as initial access vectors. Malware such as Lumma Stealer has become a new entry point for cybercrime. Infostealers are designed to collect user information — including passwords, session tokens, and personal data — through malvertising campaigns or SEO poisoning. This threat is growing rapidly due to its ability to automatically harvest credentials and trigger subsequent attack chains.
AI: The Challenge and the Solution
Advances in AI have created a new paradox in cybersecurity. On one hand, cybercriminals are leveraging AI to accelerate vulnerability discovery and scale automated phishing — achieving click-through rates up to 4.5 times higher than traditional phishing (from 12 percent to 54 percent).
On the other hand, AI is also empowering defenders. With tools such as Microsoft Sentinel, Security Copilot, and the Microsoft Security Store suite, organizations can now deploy no-code AI agents that analyze billions of threat signals daily, automate anomaly detection, and respond to incidents within seconds.
This approach aligns with Microsoft’s Secure Future Initiative (SFI), built on three core principles: secure by design, secure by default, and secure operations, ensuring that security is embedded into every product and process by default.
Practical Steps for Organizations in Indonesia
MDDR 2025 also highlights the need for a more holistic approach to cybersecurity — one that focuses not only on technology, but also on people and processes.
Microsoft recommends five key actions for strengthening cyber resilience:
- Adopt phishing-resistant MFA – Apply the principle of least privilege to limit access rights.
- Build a culture of cybersecurity – Raise awareness and skills across all divisions so that security becomes a shared business responsibility, not just an IT function.
- Map and monitor cloud assets – Cloud attacks have increased by 87 percent this year. Strengthen data and cloud protection through system updates and cross-platform threat detection.
- Use AI safely and responsibly – Treat AI models and data as critical assets that must be protected end to end, while leveraging AI for faster threat detection, analysis, and response.