Cybersecurity News: Report says most cyberattacks motivated by profit

Cyberattacks are now primarily motivated by financial gain rather than espionage. The report urges organizations to prioritize identity protection, resilience, and proactive risk management.

Patrick Pilotte

Patrick has over two decades of experience in IT and cybersecurity, specializing in server administration, infrastructure protection, and incident response. As Information Security Manager at Devolutions, he leads the company’s efforts to safeguard critical systems and ensure operational resilience. A Certified Incident Responder (eCIR), Patrick is also a recognized trainer, having delivered workshops and presentations at major events such as ITSEC and SecTor. Passionate about knowledge sharing, he is dedicated to developing the next generation of cybersecurity professionals and promoting best practices across the industry.

Microsoft’s 2025 Digital Defense Report, released on October 16, reveals that financially motivated cybercrime now dominates the threat landscape.

Between July 2024 and June 2025, 80% of Microsoft-investigated incidents centered on data theft driven by profit rather than intelligence gathering or espionage. Where a motive could be confirmed, extortion and ransomware accounted for at least 52% of attacks.

This reflects a clear shift in intent: for most attackers, the objective is not to trigger chaos or cause political disruption, but to commit opportunistic crime that extracts money, directly or indirectly.

Additional key findings from the Microsoft Report:

  • Attackers increasingly “sign in” rather than “break in,” with more than 97% of identity attacks taking the form of password attacks.
  • To capture passwords, adversaries are using infostealer malware as first-stage payloads rather than as post-exploitation tools (their traditional role). Typical delivery methods include malvertising, SEO poisoning, cracked software, and deceptive social-engineering campaigns (e.g., ClickFix).
  • In the first half of 2025, identity-driven attacks increased by 32%, likely fueled by AI-generated phishing and other persuasive social-engineering tactics.
  • Attackers continue to target critical public services, such as emergency services, hospitals, schools, transportation, and government agencies (as we explored in our last Cybersecurity News installment). These targets are attractive because they hold large volumes of sensitive data and, compared to large private-sector enterprises, often operate with tighter cybersecurity budgets and limited incident-response capabilities.

Recommendations

To address these threats and risks, the Microsoft Report outlines 10 priority recommendations, summarized below:

  1. Make managing cyber risk a board priority:
    Treat security like any other organizational risk. Track MFA coverage, patch timelines, incident volume, and high-value vulnerabilities so that leaders can clearly see the exposure and allocate budget accordingly.

  2. Put identity protection first:
    Most attacks start with accounts. Require phishing-resistant MFA for everyone (not just admins!). Shut down legacy or weak authentication paths.

  3. Invest in people, not just tools:
    Build a strong security culture. Train staff, include IT security in performance goals, and build incident playbooks.

  4. Shrink and harden the perimeter:
    Audit everything that is exposed to the internet. Patch quickly and regularly. Remove unnecessary external services and lock down supplier access.

  5. Know your weak spots and plan your response:
    Map business risks to likely failure points. Create and test an incident plan that covers ransomware, isolation steps, and rapid token or session revocation.

  6. Inventory and monitor every cloud asset:
    Keep a live catalog of workloads, APIs, identities, and privileges. Enforce governance, conditional access, and continuous checks for misconfiguration.

  7. Engineer for resilience and test it:
    Assume breaches happen. Maintain isolated backups and test restores regularly. Document clean rebuild procedures for identity and cloud.

  8. Share and use intelligence:
    Join threat intelligence communities and industry groups. Share indicators and lessons learned to reduce attacker dwell time.

  9. Build compliance into daily operations:
    Track new regulations and reporting rules. Embed required controls, evidence collection, and oversight into routine processes.

  10. Plan now for AI and post-quantum risk:
    Document where AI is used and update risk models. Assess cryptography dependencies and prepare for migration to quantum-safe standards as they mature.

Insight & advice from our Chief Security Officer, Patrick Pilotte

The findings from Microsoft’s 2025 Digital Defense Report confirm what many of us see daily: cyberattacks are increasingly driven by financial gain, and identity compromise is often the easiest way in.

Defending against this new reality requires shifting from reactive controls to proactive identity resilience. That means treating identity not just as an access layer, but as a critical security perimeter.

At Devolutions, we strongly emphasize securing privileged access, enforcing phishing-resistant MFA, and continuously auditing account activity. These steps, combined with a strong security culture and tested incident response plans, can significantly reduce both the likelihood and the impact of a breach.
