Stealing personal data through a laptop concept for computer hacker, network security and electronic banking security
As cyber threats continue to evolve at an unprecedented pace, Microsoft’s latest cybersecurity intelligence reveals a complex landscape where artificial intelligence (AI) is both empowering defenders and enabling sophisticated criminal enterprises.
Drawing from Microsoft’s synthesis of over 75 trillion daily security signals and recent threat intelligence, several critical trends are reshaping the global cybersecurity landscape—with particularly concerning implications for South Africa and the broader African continent.
AI-powered deception
Kerissa Varma, Chief Security Advisor Africa, Microsoft said the most significant development in threat intelligence is the weaponisation of AI by cybercriminals.
“Between April 2024 and April 2025, Microsoft thwarted $4 billion in fraud attempts, many of which incorporated AI-generated content designed to deceive victims with unprecedented sophistication.”
Varma said deepfake detection algorithms are now essential for identifying AI-generated interviews where facial expressions and speech patterns may not align naturally.
“This technology is being deployed by criminals in recruitment scams, CEO fraud schemes, and romantic deception campaigns across Africa.
“The implications for South Africa are particularly acute, because it is becoming increasingly difficult for people to distinguish real from fake, as deepfakes—AI-generated video and audio—are being used to impersonate trusted individuals and deceive victims into handing over money or credentials,” Varma said.
Critical applications
Varma said in South Africa, attackers are increasingly compromising critical business application vulnerabilities.
“These attacks exploit the very tools and software that organisations rely on – like web applications, APIs and cloud services, often bypassing conventional security controls.
These attacks target the very services that have become essential to South Africa’s digital economy. Banking applications, e-commerce platforms, utility services and government digital services are increasingly at risk from attackers who mimic legitimate application usage to go unnoticed or gain advanced access to systems and data,” Varma said.
Education
Varma said a particularly concerning trend identified in threat intelligence is the targeting of educational institutions.
“Education and research became the second-most targeted sector by nation-state threat actors in 2024. These institutions, offering intelligence on research and policy, are often used as testing grounds before pursuing their actual targets.
“For South Africa, this poses risks not only to academic institutions but to the broader knowledge economy. Universities and research institutions that are developing critical technologies, policy frameworks, and educational resources are becoming stepping stones for more significant attacks on government and private sector targets,” Varma said.
Local challenges
Varma said based on extensive field research and threat monitoring across the African continent, several South Africa-specific threats have emerged that require immediate attention”
Romance and investment
South African consumers are increasingly targeted by sophisticated romance scams that now incorporate AI-generated profile images and even voice synthesis.
These scams often begin on social media platforms and migrate to messaging applications where criminals establish long-term relationships before requesting financial assistance or investment opportunities.
WhatsApp impersonation
Criminals are creating fake WhatsApp Business accounts that impersonate legitimate South African retailers, banks, and service providers.
These accounts use official logos and branding to trick consumers into sharing personal information or making payments for non-existent goods and services.
Cryptocurrency and investment
The growing interest in cryptocurrency among South Africans has created opportunities for sophisticated investment scams.
These operations often feature fake celebrity endorsements, fabricated news articles, and professional-looking websites that disappear once victims transfer funds.
SIM swaps
Despite regulatory efforts, SIM swap attacks remain prevalent in South Africa. Criminals use social engineering to convince mobile network operators to transfer victims’ phone numbers to SIM cards under their control, enabling them to bypass two-factor authentication and access banking and social media accounts.
Ransomware
Small and medium enterprises across South Africa are increasingly targeted by ransomware groups who recognise that these businesses often lack enterprise-grade security infrastructure but possess valuable data and the ability to pay ransoms to resume operations.
IoT challenge
With more than 41 billion IoT devices across enterprise and consumer environments expected by 2025, devices such as cameras, smart speakers, or locks and commercial appliances can become entry points for attackers.
South Africa’s rapid adoption of smart city technologies and IoT devices in both residential and commercial settings create an expanded attack surface that requires careful security consideration.
Varma said the scale and sophistication of modern cyber threats require collaborative responses.
“As I noted in previous discussions about South Africa’s cybersecurity landscape, addressing cybersecurity in a hyper-connected digital world requires collective commitment and action.”
Intelligence
Microsoft’s threat intelligence demonstrates that no single organisation, regardless of size or resources, can effectively defend against the full spectrum of modern threats alone. The integration of AI into both attack and defence strategies requires sharing threat intelligence, best practices, and collaborative response mechanisms,” she said.
Varma said the cybersecurity landscape will continue to evolve as both criminals and defenders adopt increasingly sophisticated AI technologies, adding that for South Africa, success in this environment will depend on combining global threat intelligence with local expertise and collaborative defence strategies.
ALSO READ: AWS Summit highlights AI transformation and accelerating innovation [VIDEO]
