Cyber Threats Escalate Against The Finance Sector

The finance industry has witnessed a surge in cyber threats over the past quarter, with increasing attacks from advanced persistent threat (APT) groups, ransomware gangs, and vulnerabilities emerging across financial systems.

According to a report by cybersecurity firm Cyfirma, the sector remains a prime target for cybercriminals, with attack campaigns peaking in May 2025.

APT Campaigns Targeting Finance

Cyfirma’s findings indicate that financial institutions were affected by all eight observed APT campaigns over the last 90 days. This marks a significant increase compared to the previous quarter, when only 80% of observed campaigns targeted finance. The most active threat actors included Chinese groups such as Stone Panda, Volt Typhoon, and Salt Typhoon, along with Russian-based actors like TA505 and FIN11.

Campaigns exhibited a global footprint, with the United States and India being the most targeted, appearing in five out of eight attacks. The United Kingdom, Japan, South Korea, and Thailand followed closely behind. Attackers focused primarily on web applications, operating systems, and routers, taking advantage of vulnerabilities across digital financial infrastructures.

Dark Web Chatter Reflects Declining But Persistent Threats  

Cyfirma’s analysis of underground cybercriminal forums shows that the finance sector accounted for 11.5% of all detected industry-linked discussions, ranking third amongst 14 industries. Mentions of data breaches and leaks fell by over 40%, and ransom-related chatter decreased sharply, by 76%. This decline suggests improved security measures or a shift in cybercriminal tactics.

However, Distributed Denial-of-Service (DDoS) attacks saw a modest resurgence, indicating that financial institutions could still face disruption-based cyber incidents. Hacktivism and web exploits targeting finance also declined during the period, potentially reflecting stronger cybersecurity policies or a reduced activist focus.

Security Vulnerabilities Continue To Emerge 

The finance industry ranked ninth in vulnerability-related discussions, representing 4.05% of all identified security flaws. Injection attacks, one of the most critical cyber threats, declined by 70%, possibly due to improved security protocols. Remote Code Execution (RCE) and Cross-Site Scripting (XSS) vulnerabilities remained prominent, with the latter showing signs of resurgence.  

Cyfirma’s report underscores the importance of securing digital assets, as denial-of-service vulnerabilities have increased, aligning with the growing DDoS threat in underground cybercriminal circles.

Ransomware Attacks Surge With Insurance Firms Most Targeted

Finance ranked eighth amongst industries affected by ransomware, with 102 verified victims over the last 90 days, an increase of 29% from the previous quarter. The financial sector's share of total ransomware victims rose from 4.0% to 6.2%, highlighting cybercriminals’ growing focus on banks, insurance firms, and investment organisations.

The SilentRansomGroup, a newly emerged ransomware gang, disproportionately targeted financial firms, accounting for 33% of all ransomware victims in the sector. LockBit followed closely behind, demonstrating continued interest in infiltrating financial networks. While some of the largest ransomware collectives, such as Akira and Qilin, remained highly active globally, their focus on financial entities was relatively low.  

Geographically, ransomware attacks were concentrated in the United States, which recorded 54 victims, accounting for 53% of all incidents. The United Kingdom, Germany, Canada, and Pakistan also saw notable increases in ransomware activity.

Cyfirma’s findings suggest that as financial organisations fortify their security, attackers are shifting their focus to specific institutions that may still have vulnerabilities.  

Conclusion: Growing Cyber Threats Require Stronger Defences  

Cyfirma’s report paints a concerning picture of the financial industry's cybersecurity landscape. The steady rise in APT campaigns, underground threats, vulnerabilities, and ransomware incidents underscores the urgent need for financial firms to bolster their defences.

As cybercriminal tactics evolve, organisations must proactively enhance security measures to counter sophisticated attacks.  

