Financial Sector Battled AI-Driven Attacks, Blockchain Crime and Exploited Messaging Apps in 2025, Kaspersky Reports
The financial sector faced one of its most turbulent cybersecurity years in 2025, according to the newly released Kaspersky Security Bulletin, which reviews major cyber threats and forecasts emerging risks for the coming year. Financial institutions worldwide grappled with a rapidly evolving threat landscape, including AI-assisted attacks, supply chain intrusions, mobile banking fraud, NFC exploitation, and the resurgence of malware distributed through popular messaging platforms.
Based on Kaspersky Security Network data collected between November 2024 and October 2025, 8.15% of users in the financial sector encountered online threats, while 15.81% experienced local (on-device) threats. The company detected 1,338,357 banking trojan attacks, with 12.8% of B2B financial sector companies hit by ransomware, marking a 35.7% year-on-year increase versus 2024.
2025’s Most Critical Cyber Threats to Finance
Kaspersky analysts identified several major cybersecurity developments that shaped the financial sector this year:
• Supply chain attacks at unprecedented scale: Criminals exploited vulnerabilities in third-party systems to infiltrate national payment infrastructures, impacting even central-level financial networks.
• Convergence of organized crime and cybercrime: Threat actors increasingly combined physical operations with digital exploitation, blending insider manipulation, social engineering, and technical breaches.
• Re-emergence of old malware via new channels: Rather than email phishing, cybercriminals turned to WhatsApp and messaging apps to distribute banking trojans and expand infection reach.
• AI-enabled automation and evasion: Advanced malware deployed automated propagation, rapid deployment, and sophisticated evasion, reducing defenders’ reaction time and increasing attack volume.
• Mobile banking fraud and NFC exploitation: Android malware using ATS (Automated Transfer System) automated unauthorized bank transfers in real time. NFC-based attacks also expanded, enabling physical fraud in crowded areas or remote fraud via social engineering and fake banking apps.
• Blockchain-powered command-and-control: Cybercriminals increasingly embedded malware commands into blockchain smart contracts to steal cryptocurrency and evade detection, allowing C2 infrastructure to persist even after server shutdowns.
• Persistent ransomware: Ransomware remained a dominant threat to financial institutions, affecting 12.8% of B2B finance companies during the year.
• Some malware families fading away: As criminal organizations shift tactics or dissolve, certain malware strains are expected to disappear, replaced by more sophisticated variants.
> “In 2025, financial cyber threats evolved into a complex landscape, with attacks hitting businesses and end users alike,” said Fabio Assolini, Head of the Americas & Europe Units at Kaspersky GReAT. “Criminal groups increasingly combined digital tools, insider access, AI and blockchain to scale operations, forcing organizations to secure not only their systems but also the human networks that support them.”
What to Expect in 2026: Kaspersky Cybersecurity Outlook
Kaspersky predicts significant evolution in financial cyber risks next year, including:
• Banking trojans rewritten for WhatsApp: Larger-scale malware campaigns will increasingly target corporate and government users via desktop-based online banking systems.
• Growth of deepfake-powered fraud: Sophisticated AI services will fuel targeted scams exploiting job interviews, onboarding, financial identity authentication and KYC bypass.
• Regionalized info-stealers: New malware families will emerge with localized targeting capabilities, powered by the expanding malware-as-a-service economy.
• Increased attacks on NFC payments: As NFC becomes mainstream for financial transactions, specialized malware and fraud tools will rise across consumer and merchant environments.
• The rise of agentic AI malware: These variants dynamically change behavior mid-execution, adapting to security defenses and executing multi-stage operations, from infiltration to data theft or system disruption.
• Evolving fraud delivery: Traditional fraud will remain widespread but migrate to new platforms and messaging ecosystems.
• Persisting risk of pre-infected “out-of-box” devices: Counterfeit smart devices preloaded with malware—such as Triada—will continue affecting Android smartphones, smart TVs and IoT devices.
Security Recommendations
For consumers:
• Monitor financial accounts and transaction histories regularly
• Download mobile apps only from official stores
• Disable NFC when not needed and use wallets that block unauthorized access
• Use premium security solutions such as Kaspersky Safe Money to authenticate legitimate online banking websites and payment systems
For financial institutions:
• Conduct full infrastructure assessments and fix vulnerabilities, ideally with external expertise
• Deploy unified cybersecurity platforms with real-time visibility, EDR/XDR and rapid detection
• Adopt ecosystems such as Kaspersky Next to secure endpoints, networks and enterprise users
• Enhance security awareness training to create a resilient “human firewall”
More information on financial cybersecurity solutions can be found on Kaspersky’s website.
