2025 Kaspersky Security Bulletin provides a review of the major cybersecurity trends of the year and offers a look towards the future of cybersecurity, focusing on the financial sector in its first part. According to the report, in 2025, the financial sector navigated a rapidly evolving cyber landscape, with malware spreading through messaging apps, AI-assisted attacks, supply chain compromises, and NFC-based fraud.
Based on Kaspersky Security Network statistics for the year (from November 2024 to October 2025), 8.15% of users in the finance sector faced online threats and 15.81% faced local (on-device) threats. 1,338,357 banking trojan attacks were detected by the company’s solutions. 12.8% of B2B finance sector companies faced ransomware this year – that marks a 35.7% increase in unique users in 2025 compared to the same period of 2024.
The company’s experts highlight the following cybersecurity trends and cases shaping the financial sector in 2025. The financial sector faced a series of unprecedented supply chain attacks, which are incidents that exploit vulnerabilities in third-party providers to reach their primary targets. Secondly, organized crime is increasingly combining physical and digital methods, creating more sophisticated and coordinated attacks. Financial institutions faced threats that blend social engineering, insider manipulation, and technical exploitation.
Cybercriminals increasingly exploit popular messaging apps to spread malware, shifting from email phishing to social channels. This year, AI-enabled malware has increasingly incorporated automated propagation and evasion techniques, allowing attacks to spread faster and reach a larger number of targets. This automation also shortens the time between malware creation and deployment.
Android malware using ATS (Automated Transfer System) techniques automate fraudulent transactions, altering transfer amounts and recipients in real time without the user noticing. NFC-based attacks have also emerged as a key trend, enabling both physical fraud in crowded places and remote fraud via social engineering and fake apps mimicking trusted banks.
Crimeware attackers increasingly embed malware commands in blockchain smart contracts, targeting Web3 to steal cryptocurrencies. This method ensures persistence and makes the infrastructure extremely difficult to remove. Using blockchain for C2 operations allows attackers to maintain control even if conventional servers are shut down, highlighting a new level of resilience in cyberattacks.
Ransomware attacks remained a persistent threat for the financial sector with 12.8% of B2B finance organizations affected in November 2024 through October 2025.
“In 2025, financial cyber threats evolved into a complex landscape, with attacks hitting businesses and end users alike. Criminal groups increasingly combined digital tools, insider access, AI and blockchain to scale operations, forcing organizations to secure not only their systems but also the human networks that support them,” said Fabio Assolini, Head of the Americas & Europe units at Kaspersky GReAT.
Kaspersky predictions for what finance cybersecurity might face in 2026 include that criminal groups will increasingly rewrite and scale banking trojans distribution and abuse messaging apps like WhatsApp to target corporate and government organizations that still rely on desktop-based online banking. The trade in realistic deepfakes and AI-powered campaigns is expected to expand even more, fueling scams around job interviews and offers, driving underground demand for tools that fully bypass Know Your Customer (KYC) verification.
As Lumma, Redline and other stealers are still active, Kaspersky expect to see the appearance of regional info stealers, targeting specific countries or regions, expanding the use of malware-as-a-service model. NFC as a key technology used in payments, Kaspersky expected to see more tools, more malware and attacks directed against NFC payments, in all types. Fraud will remain a major threat to end users, but its delivery methods will keep evolving. The threat of counterfeit smart devices sold already infected with trojans (such as Triada) will continue to evolve.
Kaspersky experts recommend monitoring accounts and transactions regularly for suspicious activity.Disable NFC when not in use, and utilize wallets that block unauthorized communication. Protect your financial transactions by adopting Kaspersky Premium with the Safe Money feature, which verifies the authenticity of known online payment systems and banking websites.
Financial organizations can embrace an ecosystem-based cybersecurity strategy that unites people, processes, and technology. Deploy integrated platforms to monitor and control all attack vectors with rapid detection and swift response across the organization. Solutions from the Kaspersky Next product line can help with this goal, as they provide real-time protection, threat visibility, investigation, and EDR/XDR capabilities scalable to organizations of any size and in any industry.
Stay current with the threat landscape using Kaspersky threat intelligence To learn more about relevant cybersecurity solutions to mitigate risks, financial organizations can visit the website
