Blog

By Amy Hogan-Burney, Corporate Vice President, Customer Security & Trust  

In 80% of the cyber incidents Microsoft’s security teams investigated last year, attackers sought to steal data—a trend driven more by financial gain than intelligence gathering. According to the latest Microsoft Digital Défense Report, written with our Chief Information Security Officer Igor Tsyganskiy, over half of cyberattacks with known motives were driven by extortion or ransomware. That’s at least 52% of incidents fuelled by financial gain, while attacks focused solely on espionage made up just 4%. Nation-state threats remain a serious and persistent threat, but most of the immediate attacks organizations face today come from opportunistic criminals looking to make a profit.
 
Every day, Microsoft processes more than 100 trillion signals, blocks approximately 4.5 million new malware attempts, analyses 38 million identity risk detections, and screens 5 billion emails for malware and phishing. Advances in automation and readily available off-the-shelf tools have enabled cybercriminals—even those with limited technical expertise—to expand their operations significantly. The use of AI has further added to this trend with cybercriminals accelerating malware development and creating more realistic synthetic content, enhancing the efficiency of activities such as phishing and ransomware attacks. As a result, opportunistic malicious actors now target everyone—big or small—making cybercrime a universal, ever-present threat that spills into our daily lives.
 
In this environment, organizational leaders must treat cybersecurity as a core strategic priority—not just an IT issue—and build resilience into their technology and operations from the ground up. In our sixth annual Microsoft Digital Defence Report, which covers trends from July 2024 through June 2025, we highlight that legacy security measures are no longer enough; we need modern defences leveraging AI and strong collaboration across industries and governments to keep pace with the threat. For individuals, simple steps like using strong security tools—especially phishing-resistant multifactor authentication (MFA)—makes a big difference, as MFA can block over 99% of identity-based attacks. Below are some of the key findings.
 
 

 
Critical services are prime targets with a real-world impact.
 
Malicious actors remain focused on attacking critical public services—targets that, when compromised, can have a direct and immediate impact on people’s lives. Hospitals and local governments, for example, are all targets because they store sensitive data or have tight cybersecurity budgets with limited incident response capabilities, often resulting in outdated software. In the past year, cyberattacks on these sectors had real-world consequences, including delayed emergency medical care, disrupted emergency services, cancelled school classes, and halted transportation systems.
 
Ransomware actors in particular focus on these critical sectors because of the targets’ limited options. For example, a hospital must quickly resolve its encrypted systems, or patients could die, potentially leaving no other recourse but to pay. Additionally, governments, hospitals, and research institutions store sensitive data that criminals can steal and monetize through illicit marketplaces on the dark web, fuelling downstream criminal activity. Government and industry can collaborate to strengthen cybersecurity in these sectors—particularly for the most vulnerable. These efforts are critical to protecting communities and ensuring continuity of care, education, and emergency response.
 
Nation-state actors are expanding operations.
 
While cybercriminals are the biggest cyber threat by volume, nation-state actors still target key industries and regions, expanding their focus on espionage and, in some cases, on financial gain. Geopolitical objectives continue to drive a surge in state-sponsored cyber activity, with a notable expansion in targeting communications, research, and academia.
 

 
Key insights:

• China is continuing its broad push across industries to conduct espionage and steal sensitive data. State-affiliated actors are increasingly attacking non-governmental organizations (NGOs) to expand their insights and are using covert networks and vulnerable internet-facing devices to gain entry and avoid detection. They have also become faster at operationalizing newly disclosed vulnerabilities.
• Iran is going after a wider range of targets than ever before, from the Middle East to North America, as part of broadening espionage operations. Recently, three Iranian state-affiliated actors attacked shipping and logistics firms in Europe and the Persian Gulf to gain ongoing access to sensitive commercial data, raising the possibility that Iran may be pre-positioning to have the ability to interfere with commercial shipping operations.
• Russia, while still focused on the war in Ukraine, has expanded its targets. For example, Microsoft has observed Russian state-affiliated actors targeting small businesses in countries supporting Ukraine. In fact, outside of Ukraine, the top ten countries most affected by Russian cyber activity all belong to the North Atlantic Treaty Organization (NATO)—a 25% increase compared to last year. Russian actors may view these smaller companies as possibly less resource-intensive pivot points they can use to access larger organizations. These actors are also increasingly leveraging the cybercriminal ecosystem for their attacks.
• North Korea remains focused on revenue generation and espionage. In a trend that has gained significant attention, thousands of state-affiliated North Korean remote IT workers have applied for jobs with companies around the world, sending their salaries back to the government as remittances. When discovered, some of these workers have turned to extortion as another approach to bringing in money for the regime.

The cyber threats posed by nation-states are becoming more expansive and unpredictable. In addition, the shift by at least some nation-state actors to further leveraging the cybercriminal ecosystem will make attribution even more complicated. This underscores the need for organizations to stay abreast of the threats to their industries and work with both industry peers and governments to confront the threats posed by nation-state actors.
 
2025 saw an escalation in the use of AI by both attackers and defenders.
 
Over the past year, both attackers and defenders harnessed the power of generative AI. Threat actors are using AI to boost their attacks by automating phishing, scaling social engineering, creating synthetic media, finding vulnerabilities faster, and creating malware that can adapt itself. Nation-state actors, too, have continued to incorporate AI into their cyber influence operations. This activity has picked up in the past six months as actors use the technology to make their efforts more advanced, scalable, and targeted.
 

 
For defenders, AI is also proving to be a valuable tool. Microsoft, for example, uses AI to spot threats, close detection gaps, catch phishing attempts, and protect vulnerable users. As both the risks and opportunities of AI rapidly evolve, organizations must prioritize securing their AI tools and training their teams. Everyone—from industry to government—must be proactive to keep pace with increasingly sophisticated attackers and to ensure that defenders keep ahead of adversaries.
 
Adversaries aren’t breaking in; they’re signing in.
 
Amid the growing sophistication of cyber threats, one statistic stands out: more than 97% of identity attacks are password attacks. In the first half of 2025 alone, identity-based attacks surged by 32%. That means the vast majority of malicious sign-in attempts an organization might receive are via large-scale password guessing attempts. Attackers get usernames and passwords (“credentials”) for these bulk attacks largely from credential leaks.
 
However, credential leaks aren’t the only place where attackers can obtain credentials. This year, we saw a surge in the use of infostealer malware by cybercriminals. Infostealers can secretly gather credentials and information about your online accounts, like browser session tokens, at scale. Cybercriminals can then buy this stolen information on cybercrime forums, making it easy for anyone to access accounts for purposes such as the delivery of ransomware.
 
Luckily, the solution to identity compromise is simple. The implementation of phishing-resistant multifactor authentication (MFA) can stop over 99% of this type of attack even if the attacker has the correct username and password combination. To target the malicious supply chain, Microsoft’s Digital Crimes Unit (DCU) is fighting back against the cybercriminal use of infostealers. In May, the DCU disrupted the most popular infostealer—–Lumma Stealer—alongside the US Department of Justice and Europol.
 
Moving forward: Cybersecurity is a shared defensive priority.
 
As threat actors grow more sophisticated, persistent, and opportunistic, organizations must stay vigilant, continually updating their defenses and sharing intelligence. Microsoft remains committed to doing its part to strengthen our products and services via our Secure Future Initiative. We also continue to collaborate with others to track threats, alert targeted customers, and share insights with the broader public when appropriate.
 
However, security is not only a technical challenge but a governance imperative. Defensive measures alone are not enough to deter nation-state adversaries. Governments must build frameworks that signal credible and proportionate consequences for malicious activity that violates international rules. Encouragingly, governments are increasingly attributing cyberattacks to foreign actors and imposing consequences such as indictments and sanctions. This growing transparency and accountability are important steps toward building collective deterrence. As digital transformation accelerates—amplified by the rise of AI—cyber threats pose risks to economic stability, governance, and personal safety. Addressing these challenges requires not only technical innovation but coordinated societal action.

Samsung C&T and Samsung Electronics Will Make an Equity Investment of $110 Million Into GRAIL, Subject to Closing Conditions

Samsung C&T Will Drive Commercialization of Galleri in South Korea With Possible Expansion to Japan and Singapore

Samsung Electronics and GRAIL Will Also Explore Potential Strategic and Operational Collaborations

Samsung C&T (SCT), Samsung Electronics (SEC), and GRAIL, Inc. (Nasdaq: GRAL), today announced they have signed a binding Letter of Intent for a strategic collaboration to bring GRAIL’s Galleri^Ⓡ multi-cancer early detection (MCED) test to key Asian markets. SCT and SEC have also agreed to invest $110 million into GRAIL, a healthcare company whose mission is to detect cancer early when it can be cured, at a price of $70.05 per share of common stock.¹

 

“Guided by its commitment to advancing next-generation bio-technologies and improving quality of life, Samsung C&T has continuously invested in innovative companies. The collaboration with GRAIL represents a significant new step—moving beyond investment to a strategic business partnership that provides Samsung with a strong foothold for expanding into the cancer screening field and delivering one of these promising technologies to customers in South Korea and across Asia.” said Jaywoo Kim, Executive Vice President of Life Science Business at Samsung C&T.

 

Subject to final execution of definitive agreements, GRAIL and SCT will work as exclusive partners to commercialize the Galleri test in South Korea, with a possible extension into other Asian geographies, including Japan and Singapore. SCT will undertake key activities to drive adoption of Galleri . Initially, tests will be performed in GRAIL’s clinical laboratory in Research Triangle Park, North Carolina.

 

“We look forward to partnering with Samsung to bring multi-cancer early detection to Asia, beginning in South Korea,” said Sir Harpal Kumar, President, International Business & Biopharma, at GRAIL. “Samsung’s significant equity investment strengthens our balance sheet and provides further cash runway as we advance through key milestones to secure reimbursement for Galleri in the U.S. and key international markets.”

 

In addition, SEC and GRAIL intend to explore potential strategic and operational collaborations such as supporting longitudinal genomic-lifestyle clinical research, and the integration of SEC’s health data platform with GRAIL’s technologies and data.

 

“Our investment in and strategic cooperation with GRAIL is part of our vision to improve the health of billions of people. A potential collaboration with GRAIL could allow for the integration of our AI, our digital care platform, and device ecosystem with GRAIL’s clinical genetic data and technology, which could allow us to provide a level of personalization for our users to help them better understand their health,” said Hon Pak, Senior Vice President and Head of Digital Health Team, Mobile eXperience Business, at Samsung Electronics.

 

The terms of the collaborations are set forth in the term sheets between the parties. Definitive agreements will be negotiated in good faith pursuant to the term sheet and are intended to be entered into in early 2026. Commercial operations will begin soon after execution. Within South Korea, and potentially Japan and Singapore, GRAIL will partner with SCT as its sole distributor, subject to certain requirements, and GRAIL’s Galleri test will be the exclusive MCED test distributed by SCT.

 

The investment is subject to execution of the definitive collaboration agreements between the parties, as well as customary closing conditions and regulatory approvals. The investment is expected to close in early 2026.

 

Latham & Watkins served as legal advisor and Morgan Stanley & Co. LLC served as financial advisor to GRAIL. Samsung was advised by Covington & Burling, BKL, and E&Y Han Young (Korea).

 

 

¹ Representing a 10% premium to the 15 day VWAP.

 

 

About Samsung C&T Corporation

Samsung C&T Corporation, a dynamic player in industries ranging from construction, trading, fashion and resorts, is actively expanding its portfolio with strategic investments in the fields of biopharmaceutical and life sciences. Since its investment in Samsung Biologics and Samsung Bioepis, Samsung C&T continues to invest in innovative technologies and businesses within the bio and healthcare sectors, with the goal of contributing to improving the quality of human life.

 

About GRAIL

GRAIL is a healthcare company whose mission is to detect cancer early, when it can be cured. GRAIL is focused on alleviating the global burden of cancer by using the power of next-generation sequencing, population-scale clinical studies, and state-of-the-art machine learning, software, and automation to detect and identify multiple deadly cancer types in earlier stages. GRAIL’s targeted methylation-based platform can support the continuum of care for screening and precision oncology, including multi-cancer early detection in symptomatic patients, risk stratification, minimal residual disease detection, biomarker subtyping, treatment and recurrence monitoring. GRAIL is headquartered in Menlo Park, CA with locations in Washington, D.C., North Carolina, and the United Kingdom.

For more information, visit grail.com.

 

About Galleri^®
The Galleri multi-cancer early detection test is a proactive tool to screen for cancer. With a simple blood draw, Galleri can detect more than 50 types of cancer before symptoms appear — when they can be easier to treat and are potentially curable². Galleri is the only available MCED test with demonstrated performance in patients screened for cancer^2,*. The Galleri test doubles the number of cancers detected when added to standard of care cancer screening, and has the lowest false positive rate of any MCED test^1,2,3,4,**. When a cancer signal is found, Galleri provides a cancer signal of origin with high accuracy to help guide an efficient diagnostic work-up^4,5,6. The Galleri test requires a prescription from a licensed healthcare provider and should be used in addition to recommended cancer screenings such as mammography, colonoscopy, prostate-specific antigen (PSA) test, or cervical cancer screening. The Galleri test is recommended for adults with an elevated risk for cancer, such as those aged 50 or older.

For more information, visit galleri.com.

 

* The Galleri test performance metrics were derived from the outcomes of an interventional clinical study of patients presenting for screening without clinical suspicion of cancer, a study population that reflects the intended use population.

** Test performance metrics do not represent results of a head-to-head comparative study. Separate studies have different designs, objectives, and participant populations, which limits the ability to draw conclusions about comparative performance.

 

Important Galleri Safety Information
The Galleri test is recommended for use in adults with an elevated risk for cancer, such as those age 50 or older. The test does not detect all cancers and should be used in addition to routine cancer screening tests recommended by a healthcare provider. The Galleri test is intended to detect cancer signals and predict where in the body the cancer signal is located. Use of the test is not recommended in individuals who are pregnant, 21 years old or younger, or undergoing active cancer treatment.
Results should be interpreted by a healthcare provider in the context of medical history, clinical signs, and symptoms. A test result of No Cancer Signal Detected does not rule out cancer. A test result of Cancer Signal Detected requires confirmatory diagnostic evaluation by medically established procedures (e.g., imaging) to confirm cancer.

If cancer is not confirmed with further testing, it could mean that cancer is not present or testing was insufficient to detect cancer, including due to the cancer being located in a different part of the body. False positive (a cancer signal detected when cancer is not present) and false negative (a cancer signal not detected when cancer is present) test results do occur. Rx only.

 

Laboratory/Test Information
The GRAIL clinical laboratory is certified under the Clinical Laboratory Improvement Amendments of 1988

(CLIA) and accredited by the College of American Pathologists. The Galleri test was developed — and its performance characteristics were determined — by GRAIL. The Galleri test has not been cleared or approved by the Food and Drug Administration. The GRAIL clinical laboratory is regulated under CLIA to perform high-complexity testing. The Galleri test is intended for clinical purposes.

 

GRAIL Forward Looking Statements
This press release contains forward-looking statements. In some cases, you can identify these statements by forward-looking words such as “aim,” “anticipate,” “believe,” “continue,” “could,” “estimate,” “expect,” “intend,” “may,” “might,” “plan,” “potential,” “predict,” “should,” “would,” or “will,” the negative of these terms, and other comparable terminology. These forward-looking statements, which are subject to risks, uncertainties, and assumptions about us, may include expectations and projections of our ability to negotiate definitive agreements, the closing of the investment, the terms under which we will conduct our collaborations, future potential additional collaborations, our ability to commercialize Galleri in other geographies, success of our collaboration with counterparties, sufficiency of cash on hand to finance our business and anticipated trends in our business.

These statements are only predictions based on our current expectations and projections about future events and trends. There are important factors that could cause our actual results, level of activity, performance, or achievements to differ materially and adversely from those expressed or implied by the forward-looking statements, including those factors and numerous associated risks discussed under the sections entitled “Risk Factors” in our Annual Report on Form 10-K for the period ended December 31, 2024 and in our Quarterly Report on [Form 10-Q for the period ended June 30, 2025] (the “Form 10-Q”). Moreover, we operate in a dynamic and rapidly changing environment. New risks emerge from time to time. It is not possible for our management to predict all risks, nor can we assess the impact of all factors on our business or the extent to which any factor, or combination of factors, may cause actual results, level of activity, performance, or achievements to differ materially and adversely from those contained in any forward-looking statements we may make.

Forward-looking statements relate to the future and, accordingly, are subject to inherent uncertainties, risks, and changes in circumstances that are difficult to predict and many of which are outside of our control. Although we believe the expectations and projections expressed or implied by the forward-looking statements are reasonable, we cannot guarantee future results, level of activity, performance, or achievements. Our actual results, financial condition and success in our business strategies and operations may differ materially from those indicated in the forward-looking statements. Except to the extent required by law, we undertake no obligation to update any of these forward-looking statements after the date of this press release to conform our prior statements to actual results or revised expectations or to reflect new information or the occurrence of unanticipated events.

 

References:

1.         Nabavizadeh N, et al. Safety and Performance of a Multi-Cancer Early Detection (MCED) Test in an Intended-Use Population: Initial Results from the Registrational PATHFINDER 2 Study. Proffered Presentation Presented at: European Society for Medical Oncology (ESMO) Annual Meeting; October 17-21, 2025; Berlin, Germany.
2.         Klein EA, Richards D, Cohn A, et al. Clinical validation of a targeted methylation-based multi-cancer early detection test using an independent validation set. Ann Oncol. 2021 Sep;32(9):1167-77. doi: 10.1016/j.annonc.2021.05.806
3.         GRAIL, Inc. False positive rate. [Data on file: GR-2025-0256]
4. Schrag D, Beer TM, McDonnell CH, et al. Blood-based tests for multi-cancer early detection (PATHFINDER): a prospective cohort study. Lancet. 2023;402:1251-1260. doi: 10.1016/S0140-6736(23)01700-2
5. GRAIL, Inc. Enhanced Cancer Signal Origin prediction. [Data on file: VV-TMF-59592]
6. Hackshaw A, et al. Cancer Cell. 2022;40(2):109-13.