Kaspersky: Financial sector faced AI, blockchain and organized crime threats in 2025

Kaspersky

Kaspersky launched its 2025 Security Bulletin, which reviews the major cybersecurity trends of the past year and offers a look toward the future.

The first Kaspersky Security Bulletin (KSB) report is dedicated to cybersecurity in the financial sector, providing an overview of major cases, key trends, and evolving threats.

This year, the financial sector navigated a rapidly evolving cyber landscape, with malware spreading through messaging apps, AI-assisted attacks, supply chain compromises, and NFC-based fraud.

2025 financial sector cybersecurity in figures

  • 8.15% of users faced online threats in the finance sector.
  • 15.81% of users in the finance sector encountered local threats.
  • 12.8% of B2B finance sector companies faced ransomware this year.
  • 35.7% more unique users in the finance sector encountered ransomware detections in 2025 compared to 2023.
  • 1,338,357 banking trojan attacks were detected this year.

Cybersecurity trends and cases shaping the financial sector in 2025

Large-scale supply chain attacks

The financial sector faced a series of unprecedented supply chain attacks, incidents that exploit vulnerabilities in third-party providers to reach their primary targets. These breaches demonstrated how weaknesses in external partners can cascade through national payment networks, affecting even central systems.

Organized crime converging with cybercrime

Organized crime groups increasingly blended physical and digital methods, resulting in more sophisticated attacks. Financial institutions faced threats combining social engineering, insider manipulation, and technical exploitation.

Old malware, new channels

Cybercriminals continued to exploit popular messaging apps to spread malware, shifting from email phishing to social platforms. Banking trojans are being rewritten to use messaging apps as a new distribution vector, enabling large-scale infections.

AI scales malware to new heights

AI-enabled malware incorporated automated propagation and evasion techniques, allowing attacks to spread rapidly and target more victims. This automation shortened the time between malware creation and deployment.

Mobile banking attacks and NFC fraud

Android malware using Automated Transfer System (ATS) techniques enabled fraudulent transactions by altering amounts and recipients in real time. Meanwhile, NFC-based attacks emerged as a key trend, allowing both physical fraud in crowded areas and remote fraud via social engineering and fake banking apps.

Blockchain-based C2 infrastructure on the rise

Crimeware groups increasingly embedded malware commands in blockchain smart contracts to target Web3 environments and steal cryptocurrencies. This tactic ensures persistence and makes the infrastructure difficult to dismantle. Using blockchain for C2 operations lets attackers maintain control even if conventional servers are removed.

Ransomware presence

Ransomware remained a persistent threat across regions. Globally, 12.8% of B2B finance organizations were affected, including 12.9% in Africa, 12.6% in Latin America, and 9.4% in Russia & CIS (KSN Data, November 2024–October 2025).

Disappearance of certain malware families

Some malware families are expected to disappear as their activity depends heavily on specific criminal groups.

“In 2025, financial cyber threats evolved into a complex landscape, with attacks hitting businesses and end users alike. Criminal groups increasingly combined digital tools, insider access, AI, and blockchain to scale operations, forcing organizations to secure not only their systems but also the human networks that support them,” said Fabio Assolini, Head of the Americas & Europe units at Kaspersky GReAT.

Predictions: What finance cybersecurity might face in 2026

  1. Banking trojans rewritten for WhatsApp distribution: Criminal groups will increasingly rewrite banking trojans to exploit messaging apps used by corporate and government institutions still relying on desktop-based online banking.
  2. Growth of deepfake/AI services for social engineering: Demand for realistic deepfakes and AI-powered campaigns will continue rising, enabling scams targeting job interviews and KYC verification.
  3. Appearance of regional info stealers: As existing stealers remain active, new regional variants may emerge, targeting specific countries and expanding the MaaS model.
  4. More attacks on NFC payments: As NFC remains central to digital payments, attackers will deploy more tools and malware to exploit it.
  5. The advent of agentic AI malware: This malware will dynamically adapt its behavior mid-execution, shifting tactics based on the defenses and vulnerabilities it encounters.
  6. Classic fraud gains new delivery methods: Fraud will remain widespread but evolve through new services and rapidly emerging messaging platforms.
  7. Persistence of ‘out of box’ pre-infected devices: Counterfeit smart devices preloaded with trojans such as Triada will continue to proliferate, affecting Android phones and other smart devices like TVs.

Kaspersky experts recommend the following to stay safe:

  • Download apps only from official stores and verify developer authenticity.
  • Disable NFC when not in use and use wallets that block unauthorized communication.
  • Monitor accounts and transactions regularly.
  • Protect financial transactions with Kaspersky Premium and its Safe Money feature.

Financial organizations: an ecosystem-based cybersecurity strategy

Step 1: Assess the entire infrastructure, address vulnerabilities, and consider external specialists to identify concealed risks.

Step 2: Deploy integrated platforms to monitor and control all attack vectors, with rapid detection and response. Kaspersky Next solutions provide real-time protection, visibility, investigation, and scalable EDR/XDR capabilities.

Step 3: Stay updated on threats using Kaspersky threat intelligence and analytics, and run regular awareness training to strengthen human defenses.

To learn more about Kaspersky’s expertise in the financial sector and relevant solutions to mitigate risks, please visit their website.
