In the first half of 2025, Romania ranked 52nd worldwide among the countries most frequently affected by cyber activities, according to the new Microsoft Digital Defense Report.
The sixth annual report, covering trends from July 2024 to June 2025, emphasizes that traditional security measures are no longer sufficient. Modern defenses and strong collaboration between industries and governments are needed to keep pace with threats.
Romania is not among the most targeted nations, according to the report, but the threats are evolving, and some are even organized by state actors.
“The global partnerships in which Romania already has a solid position must continue to coordinate and collaborate in defending against common adversaries. Traditional perimeter defenses are no longer sufficient. Resilience must be built into systems, supply chains, processes, and governance. New types of threats will emerge with increasing frequency; being informed and prepared is essential,” said Renate Strazdina, National Technology Officer, North Europe Multi-Country Cluster, Microsoft.
In 80% of cyber incidents investigated last year by Microsoft’s security teams, attackers sought to steal data, most likely for financial gain. More than half of cyberattacks with known motives were driven by extortion or ransomware. At least 52% of incidents were financially motivated, while attacks focused solely on espionage accounted for only 4%.
Threats from state actors remain a serious and persistent concern, but most of the immediate attacks faced by organizations today come from opportunistic criminals seeking profit, the report said.
The report also highlighted that critical public services remain prime targets for cybercriminals. Hospitals, local administrations, and educational institutions are particularly vulnerable due to the large volumes of sensitive data they hold and their limited cybersecurity resources. In February 2024, 18 hospitals in Romania were targeted with ransomware by hackers.
Every day, Microsoft processes over 100 trillion signals, blocks approximately 4.5 million new malware attempts, analyzes 38 million identity theft risk cases, and filters 5 billion emails for malware and phishing, according to the company’s report.
Advances in automation and the availability of ready-to-use tools have allowed cybercriminals to significantly expand their operations. The use of artificial intelligence has amplified this trend, with attackers accelerating malware development and creating more realistic synthetic content, increasing the effectiveness of activities such as phishing and ransomware attacks.
Over the past year, both attackers and defenders have leveraged the power of generative AI. Threat actors use AI to intensify their attacks through automated phishing, expanded social engineering, synthetic content creation, faster identification of vulnerabilities, and the development of adaptive malware. State actors have also continued to integrate AI into their cyber influence operations.
Artificial intelligence is also proving to be a valuable tool for security professionals. Microsoft, for example, uses AI to identify threats, close detection gaps, intercept phishing attempts, and protect vulnerable users.
Amid the growing complexity of cyber threats, one indicator stands out: over 97% of identity attacks are password attacks. Moreover, in just the first half of 2025, identity-based attacks increased by 32%.
Attackers increasingly rely on credential leaks and infostealer malware to gain unauthorized access to accounts, often leading to ransomware or data theft incidents.
(Photo source: press release)
Leave a Reply