Kaspersky has introduced its Security Bulletin, which aims to examine the key cybersecurity trends of the past year and offers a glimpse into the potential future of these developments. The update from Kaspersky is dedicated to cybersecurity issues in the financial services ecosystem, offering an overview and detailed breakdown of major cases, key trends, and serious cyberthreats.
As expected, this year, Kaspersky pointed out that the financial sector navigated an evolving cyber landscape marked by malware increasingly spreading via messaging apps, AI-enabled attacks, supply chain vulnerabilities, and NFC-focused fraud.
2025 financial services sector cybersecurity in figures:
- 8.15% of users faced online threats in the finance sector.
- 15.81% of users in the finance sector faced local threats.
- 12.8% of B2B finance sector companies faced ransomware this year.[1]
- 35.7% more unique users in the finance sector encountered ransomware detections in 2025 compared to 2023.
- 1,338,357 banking trojan attacks were detected this year.[3]
Cybersecurity trends and cases shaping the financial sector in 2025:
- Large-scale supply chain attacks: the financial sector faced a series of unprecedented supply chain attacks, which are incidents that exploit vulnerabilities in third-party providers to reach their primary targets. The breaches demonstrated how vulnerabilities in third-party providers can cascade through national payment networks, affecting even central systems.
- Organized crime converging with cybercrime: organized crime is increasingly combining physical and digital methods, creating more sophisticated and coordinated attacks. Financial institutions faced threats that blend social engineering, insider manipulation, and technical exploitation.
- Old malware, new channels: cybercriminals increasingly exploit popular messaging apps to spread malware, shifting from email phishing to social channels. Banking trojans are being rewritten to use messaging platforms as a new distribution vector, enabling large-scale infections.
- AI scales malware to new heights: this year, AI-enabled malware has increasingly incorporated automated propagation and evasion techniques, allowing attacks to spread faster and reach a larger number of targets. This automation also shortens the time between malware creation and deployment.
- Mobile banking attacks and NFC fraud: Android malware using ATS (Automated Transfer System) techniques automates fraudulent transactions, altering transfer amounts and recipients in real time without the user noticing. NFC-based attacks have also emerged as a key trend, enabling both physical fraud in crowded places and remote fraud via social engineering and fake apps mimicking trusted banks.
- Blockchain-based C2 infrastructure is on the rise: crimeware attackers increasingly embed malware commands in blockchain smart contracts, targeting Web3 to steal cryptocurrencies. This method ensures persistence and makes the infrastructure extremely difficult to remove.
- Ransomware presence: this type of attack remained a persistent threat for the financial sector across most regions this year. Worldwide, 12.8% of B2B finance organizations were affected by ransomware.
- Disappearance of certain malware families: some malware families are likely to disappear, as their activity depends directly on the operations of specific criminal groups.
Predictions: what finance cybersecurity might face in 2026:
- Banking trojans will be rewritten for WhatsApp distribution: criminal groups will increasingly rewrite banking trojans and scale their distribution, abusing messaging apps like WhatsApp to target corporate and government organizations that still rely on desktop-based online banking. These environments are where Windows-based banking trojans thrive.
- Growth of deepfake/AI services for social engineering: the trade in realistic deepfakes and AI-powered campaigns is expected to expand even more, fueling scams around job interviews and offers, driving underground demand for tools that fully bypass KYC verification.
- Appearance of regional info stealers: as Lumma, Redline and other stealers are still active, we expect to see the appearance of regional info stealers targeting specific countries or regions, expanding the use of the MaaS model.
- More attacks on NFC payments: as NFC is a key technology used in payments, we'll see more tools, more malware and more attacks directed against NFC payments of all types.
- The advent of agentic AI malware: agentic AI malware is characterized by its ability to dynamically alter behavior mid-execution. Unlike conventional malware that relies on pre-defined instructions, agentic variants are designed to assess their environment, analyze their impact, and adapt their tactics on the fly. This means that a single piece of malware could exhibit a range of behaviors, from initial infiltration to data exfiltration or system disruption, all in response to the specific defenses and vulnerabilities it encounters.
- Classic fraud will find new delivery methods: fraud will remain a major threat to end users, but its delivery methods will keep evolving. As new services and messaging platforms emerge, attackers will continue to adapt their tactics to the channels where their target audience is most active.
- The persistence of ‘out of box’, pre-infected devices: the threat of counterfeit smart devices sold already infected with trojans (such as Triada) will continue to evolve. These trojans often come with extensive capabilities, including the ability to steal banking credentials, and affect not only “gray” Android smartphones but also other smart devices such as TVs.