The global financial sector faced a sharp rise in cyber threats in 2025, driven by artificial intelligence, blockchain misuse, organised crime and evolving malware tactics, according to the latest security bulletin released by Kaspersky.
The findings are part of the 2025 Kaspersky Security Bulletin, which reviews major cybersecurity trends between November 2024 and October 2025, with a focus on risks faced by banks, financial institutions and related businesses.
Kaspersky data shows rising malware and ransomware activity
Based on Kaspersky Security Network statistics, 8.15% of users in the finance sector encountered online threats during the period, while 15.81% faced local, on-device threats. The company said its security solutions detected 1,338,357 banking trojan attacks globally.
Ransomware remained a significant concern, with 12.8% of B2B finance sector organisations affected during the year. This represented a 35.7% increase in unique users impacted compared with the same period in 2024.
Supply chain attacks and organised crime expand
Kaspersky reported an increase in supply chain attacks, in which attackers exploit vulnerabilities in third-party service providers to gain access to financial institutions. The report also noted a growing convergence of physical and digital crime, with attackers combining social engineering, insider access and technical exploits to carry out coordinated operations.
Messaging apps, AI and NFC fraud emerge as key threats
Cybercriminals increasingly used popular messaging applications to distribute malware, shifting away from traditional email-based phishing. According to the report, AI-enabled malware now incorporates automated propagation and evasion techniques, accelerating the speed and scale of attacks.
The company also highlighted the growth of Android malware using Automated Transfer System (ATS) techniques to manipulate financial transactions in real time. NFC-based fraud emerged as another major trend, enabling both physical theft in crowded locations and remote fraud through fake banking applications and social engineering.
Blockchain misuse targets Web3 and cryptocurrency
Kaspersky said attackers are embedding malicious commands into blockchain smart contracts to target Web3 platforms and steal cryptocurrencies. This method allows threat actors to maintain control even if conventional command-and-control servers are shut down, increasing the resilience of attacks.
Outlook for 2026
Looking ahead, Kaspersky warned that cybercriminal groups are expected to expand the use of AI-generated deepfakes and automated scams, particularly targeting organisations that rely on desktop-based online banking. The report also anticipates increased abuse of messaging platforms such as WhatsApp, the growth of region-specific information stealers, and further attacks on NFC-based payment systems.
“In 2025, financial cyber threats evolved into a complex landscape, with attacks affecting both organisations and individual users,” said Fabio Assolini, head of the Americas and Europe units at Kaspersky GReAT.
Read related news here: https://greenpost.com.pk/business/
For more stories and insights, visit The Public
