Cyber Threats Escalate Against The Finance Sector

The finance industry has witnessed a surge in cyber threats over the past quarter, with increasing attacks from advanced persistent threat (APT) groups, ransomware gangs, and vulnerabilities emerging across financial systems.

According to a report by cybersecurity firm Cyfirma, the sector remains a prime target for cybercriminals, with attack campaigns peaking in May 2025.

APT Campaigns Targeting Finance

Cyfirma’s findings indicate that financial institutions were affected by all eight observed APT campaigns over the last 90 days. This marks a significant increase compared to the previous quarter, when only 80% of observed campaigns targeted finance. Notably, the most active cyber threat actors included Chinese groups such as Stone Panda, Volt Typhoon, and Salt Typhoon, along with Russian-based actors like TA505 and FIN11.

Campaigns exhibited a global footprint, with the United States and India being the most targeted, appearing in five out of eight attacks. The United Kingdom, Japan, South Korea, and Thailand followed closely behind. Attackers focused primarily on web applications, operating systems, and routers, taking advantage of vulnerabilities across digital financial infrastructures.

Dark Web Chatter Reflects Declining But Persistent Threats  

Cyfirma’s analysis of underground cybercriminal forums shows that the finance sector accounted for 11.5% of all detected industry-linked discussions, ranking third amongst 14 industries. Mentions of data breaches and leaks fell by over 40%, and ransom-related chatter decreased sharply by 76%. This decline suggests improved security measures or a shift in cybercriminal tactics.

However, Distributed Denial-of-Service (DDoS) attacks saw a modest resurgence, indicating that financial institutions could still face disruption-based cyber incidents. Hacktivism and web exploits targeting finance also declined during the period, potentially reflecting stronger cybersecurity policies or a reduced activist focus.

Security Vulnerabilities Continue To Emerge 

The finance industry ranked ninth in vulnerability-related discussions, representing 4.05% of all identified security flaws. Injection attacks, one of the most critical cyber threats, declined by 70%, possibly due to improved security protocols. Remote Code Execution (RCE) and Cross-Site Scripting (XSS) vulnerabilities remained prominent, with the latter showing signs of resurgence.  

Cyfirma’s report underscores the importance of securing digital assets, as denial-of-service vulnerabilities have increased, aligning with the growing DDoS threat in underground cybercriminal circles.

Ransomware Attacks Surge With Insurance Firms Most Targeted

Finance ranked eighth amongst industries affected by ransomware, with 102 verified victims over the last 90 days, an increase of 29% from the previous quarter. The financial sector's share of total ransomware victims rose from 4.0% to 6.2%, highlighting cybercriminals’ growing focus on banks, insurance firms, and investment organisations.

The SilentRansomGroup, a newly emerged ransomware gang, disproportionately targeted financial firms, accounting for 33% of all ransomware victims in the sector. LockBit followed closely behind, demonstrating continued interest in infiltrating financial networks. While some of the largest ransomware collectives, such as Akira and Qilin, remained highly active globally, their focus on financial entities was relatively low.  

Geographically, ransomware attacks were concentrated in the United States, which recorded 54 victims, accounting for 53% of all incidents. The United Kingdom, Germany, Canada, and Pakistan also saw notable increases in ransomware activity.

Cyfirma’s findings suggest that as financial organisations fortify their security, attackers are shifting their focus to specific institutions that may still have vulnerabilities.  

Conclusion: Growing Cyber Threats Require Stronger Defences  

Cyfirma’s report paints a concerning picture of the financial industry's cybersecurity landscape. The steady rise in APT campaigns, underground threats, vulnerabilities, and ransomware incidents underscores the urgent need for financial firms to bolster their defences.

As cybercriminal tactics evolve, organisations must proactively enhance security measures to counter sophisticated attacks.  
