The cybersecurity landscape is becoming more complex as artificial intelligence (AI) both empowers defenders and enables sophisticated criminal enterprises.

Microsoft’s latest Cyber Signals report, drawing from a synthesis of over 75-trillion daily security signals and recent threat intelligence, unveils several critical trends that are reshaping the global cybersecurity landscape – with particularly concerning implications for South Africa and the broader African continent.

Kerissa Varma, chief security advisor Africa at Microsoft, unpacks the report’s findings.

 

The rise of AI-powered deception

The most significant development in our threat intelligence is the weaponisation of AI by cybercriminals. Between April 2024 and April 2025, Microsoft thwarted $4-billion in fraud attempts, many of which incorporated AI-generated content designed to deceive victims with unprecedented sophistication.

Deepfake detection algorithms are now essential for identifying AI-generated interviews where facial expressions and speech patterns may not align naturally. Criminals are deploying deepfake technology in recruitment scams, CEO fraud schemes, and romantic deception campaigns across Africa.

The implications for South Africa are particularly acute, because it is becoming increasingly difficult for people to distinguish real from fake, as deepfakes – AI-generated video and audio – are being used to impersonate trusted individuals and deceive victims into handing over money or credentials.

This trend represents a fundamental shift in the threat landscape, moving beyond traditional phishing emails to sophisticated audio-visual deception that can fool even security-conscious individuals.

 

Attacks on critical applications: the increasing battleground for SA businesses

In South Africa, attackers are increasingly exploiting vulnerabilities in critical business applications. These attacks exploit the very tools and software that organisations rely on – like web applications, APIs and cloud services – often bypassing conventional security controls.

For local financial institutions and critical infrastructure, this represents an area of risk that requires immediate attention.

These attacks target the very services that have become essential to South Africa’s digital economy. Banking applications, e-commerce platforms, utility services and government digital services are increasingly at risk from attackers who mimic legitimate application usage to go unnoticed or gain advanced access to systems and data.

When the systems that support our economy are affected, the impact on businesses and economic stability has far-reaching consequences that are not easy to recover from.

 

Education sector under siege

A particularly concerning trend identified in our threat intelligence is the targeting of educational institutions. Education and research became the second-most targeted sector by nation-state threat actors in 2024. These institutions, offering intelligence on research and policy, are often used by threat actors as testing grounds before they pursue their actual targets.

For South Africa, this poses risks not only to academic institutions but to the broader knowledge economy. Universities and research institutions that are developing critical technologies, policy frameworks, and educational resources are becoming stepping stones for more significant attacks on government and private sector targets.

 

SA cyber threat landscape: local challenges

Based on extensive field research and threat monitoring across the African continent, several South Africa-specific threats have emerged that require immediate attention:

  • Romance and investment scams – South African consumers are increasingly targeted by sophisticated romance scams that now incorporate AI-generated profile images and even voice synthesis. These scams often begin on social media platforms and migrate to messaging applications where criminals establish long-term relationships before requesting financial assistance or pitching investment opportunities.
  • WhatsApp Business impersonation – Criminals are creating fake WhatsApp Business accounts that impersonate legitimate South African retailers, banks, and service providers. These accounts use official logos and branding to trick consumers into sharing personal information or making payments for non-existent goods and services.
  • Cryptocurrency and investment fraud – The growing interest in cryptocurrency among South Africans has created opportunities for sophisticated investment scams. These operations often feature fake celebrity endorsements, fabricated news articles, and professional-looking websites that disappear once victims transfer funds.
  • SIM swap attacks – Despite regulatory efforts, SIM swap attacks remain prevalent in South Africa. Criminals use social engineering to convince mobile network operators to transfer victims’ phone numbers to SIM cards under their control, enabling them to bypass two-factor authentication and access banking and social media accounts.
  • Ransomware targeting SMEs – Small and medium enterprises across South Africa are increasingly targeted by ransomware groups who recognise that these businesses often lack enterprise-grade security infrastructure but possess valuable data and the ability to pay ransoms to resume operations.
  • The IoT challenge – With more than 41-billion IoT devices across enterprise and consumer environments expected by 2025, devices such as cameras, smart speakers, locks and commercial appliances can become entry points for attackers. South Africa’s rapid adoption of smart city technologies and IoT devices in both residential and commercial settings creates an expanded attack surface that requires careful security consideration.

 

Collective defence: a collaborative approach

The scale and sophistication of modern cyber threats require collaborative responses. In South Africa, addressing cybersecurity in a hyper-connected digital world requires collective commitment and action.

Microsoft’s threat intelligence demonstrates that no single organisation, regardless of size or resources, can effectively defend against the full spectrum of modern threats alone. The integration of AI into both attack and defence strategies requires sharing threat intelligence, best practices, and collaborative response mechanisms.

 

Recommendations for SA organisations

Based on Microsoft’s latest threat intelligence and the specific challenges facing South African organisations, we recommend:

  • Implement AI-aware security training: Educate employees about deepfake technology and AI-generated content, providing them with tools and techniques to verify the authenticity of communications.
  • Strengthen application security: Move beyond perimeter defence to focus on application-layer security, implementing robust authentication, input validation, and API security measures.
  • Develop incident response capabilities: Establish clear procedures for responding to AI-enhanced attacks, including deepfake incidents and sophisticated social engineering campaigns.
  • Invest in threat intelligence: Leverage shared threat intelligence platforms to stay informed about emerging threats specific to the South African context.
  • Enhance identity verification: Implement multifactor authentication (MFA) and consider biometric verification for high-value transactions and sensitive data access.

 

Recommendations for consumers

With many consumers falling prey to increasingly sophisticated cyberthreats, we encourage the following:

  • Verify before you click: Avoid clicking on ads or links from unfamiliar sources. Fraudulent websites are increasingly mimicking legitimate ones with alarming accuracy.
  • Be cautious with online purchases: Stick to trusted e-commerce platforms. AI-generated fake storefronts can look convincing, complete with fake reviews and customer service bots.
  • Watch for deepfakes and voice scams: If something doesn’t feel right in a video call or voice message, trust your instincts. Deepfake technology is being used to impersonate real people.
  • Use secure payment methods: Avoid direct bank transfers or crypto payments for online purchases, as they often lack fraud protection.
  • Enable multifactor authentication (MFA): Add an extra layer of security to your accounts to prevent unauthorised access, even if your password is compromised.

 

Looking forward

The cybersecurity landscape will continue to evolve as both criminals and defenders adopt increasingly sophisticated AI technologies. For South Africa, success in this environment will depend on combining global threat intelligence with local expertise and collaborative defence strategies.

The investments we make today in cybersecurity infrastructure, skills development, and collaborative frameworks will determine our resilience against tomorrow’s threats. As the threat landscape evolves, so too must our approach to defending against it – with innovation, collaboration, and an unwavering commitment to protecting South Africa’s digital future.