Microsoft’s Digital Crimes Unit (DCU) is playing an increasing role in disrupting cyber-criminal networks that target African organisations, financial institutions and public sector entities, says the company.
The team of legal, technical and investigative experts and threat hunters is central to Microsoft’s global strategy to disrupt and dismantle cyber crime networks, contributing to hundreds of arrests globally and rescuing millions of devices from ongoing exploitation, it adds.
Speaking to ITWeb, Kerissa Varma, Microsoft Africa chief security advisor, said as cyber crime syndicates expand their operations across borders, the DCU has increasingly focused on identifying the individuals behind operations − tracing developers, distributors and financial beneficiaries within cyber crime supply chains.
The unit was established in 2008 to fight cyber crime through legal and technical measures, including disrupting botnets and malware. It was expanded in November 2013, with the opening of its dedicated cyber crime centre in Redmond, Washington.
“The DCU fingerprints tactics, techniques and procedures used by threat actors, and works closely with law enforcement agencies, such as the Federal Bureau of Investigation, to share actionable intelligence,” notes Varma.
“Microsoft has evolved its strategy beyond infrastructure takedowns. In the past, we would notify law enforcement and they would break down the infrastructure. Last year, we continued investigations to identify the individuals behind the attacks − the engineer who developed the code, the marketplace where it was sold, and tracing who profited from it. We’re not only disrupting the technology, but the criminals behind it.”
While headquartered in the US, the DCU operates internationally − including in Europe, Middle East and Africa, reflecting the unit’s commitment to combating threats that span continents, she adds.
According to Varma, artificial intelligence (AI) is a huge enabler of attacks, andMicrosoft is intensifying its cyber security efforts across Africa as threat actors increasingly exploit AI and cloud technologies to scale attacks. “We’ve seen AI-enabled phishing grow four times faster than human-generated phishing.
“The latest Microsoft Digital Defence Report shows that 70% of attacks over the past year were driven by data theft and system hijacking, with criminals primarily targeting identity, credentials and critical infrastructure.”
“The findings underscore the growing sophistication of cyber crime in emerging markets, including South Africa, where organisations are rapidly digitising but often lag in cyber hygiene.”
To counter this, Microsoft is embedding security directly into its technology stack, under its global Secure Future Initiative, made up of more than 3 600 security engineers who work daily to harden Microsoft platforms and services.
AI-driven protections, including Security Copilot, have been integrated into Microsoft’s products to help organisations detect, investigate and respond to threats at machine speed, says the company.
“As attackers scale into different regions, when you clamp down on one group, they disappear and pop up elsewhere − it’s like playing whack-a-mole. That’s why security has to be built in by design,” Varma says.
The public sector remains one of the most targeted industries globally, according to the report, alongside research and academia − sectors often used as gateways into government systems.
Beyond technology, Microsoft is investing in digital skills development, forming part of a broader initiative to upskill 1.4 million South Africans, including government employees, in digital and cyber security competencies.
“With a global shortfall of more than four million cyber security professionals, building human capital across Africa is essential. We believe that if we create enough cyber talent, we strengthen resilience across the ecosystem − from SMEs to national governments,”Varma concludes.
Share