Cyber Threats Escalate Against The Finance Sector
The finance industry has witnessed a surge in cyber threats over the past quarter, with increasing attacks from advanced persistent threat (APT) groups, ransomware gangs, and vulnerabilities emerging across financial systems.
According to a report by cybersecurity firm Cyfirma, the sector remains a prime target for cybercriminals, with attack campaigns peaking in May 2025.
APT Campaigns Targeting Finance
Cyfirma’s findings indicate that financial institutions were affected by all eight observed APT campaigns over the last 90 days. This marks a significant increase compared to the previous quarter, where only 80% of observed campaigns targeted finance. Notably, the most active cyber threat actors included Chinese groups such as Stone Panda, Volt Typhoon, and Salt Typhoon, along with Russian-based actors like TA505 and FIN11.
Campaigns exhibited a global footprint, with the United States and India being the most targeted, appearing in five out of eight attacks. The United Kingdom, Japan, South Korea, and Thailand followed closely behind. Attackers focused primarily on web applications, operating systems, and routers, taking advantage of vulnerabilities across digital financial infrastructures.
Dark Web Chatter Reflects Declining But Persistent Threats
Cyfirma’s analysis of underground cybercriminal forums shows that the finance sector accounted for 11.5% of all detected industry-linked discussions, ranking third amongst 14 industries. While mentions of data breaches and leaks fell by over 40%, ransom-related chatter decreased sharply by 76%. This decline suggests improved security measures or a shift in cybercriminal tactics.
However, Distributed Denial-of-Service (DDoS) attacks saw a modest resurgence, indicating that financial institutions could still face disruption-based cyber incidents. Hacktivism and web exploits targeting finance also declined during the period, potentially reflecting stronger cybersecurity policies or a reduced activist focus.
Security Vulnerabilities Continue To Emerge
The finance industry ranked ninth in vulnerability-related discussions, representing 4.05% of all identified security flaws. Injection attacks, one of the most critical cyber threats, declined by 70%, possibly due to improved security protocols. Remote Code Execution (RCE) and Cross-Site Scripting (XSS) vulnerabilities remained prominent, with the latter showing signs of resurgence.
Cyfirma’s report underscores the importance of securing digital assets, as denial-of-service vulnerabilities have increased, aligning with the growing DDoS threat in underground cybercriminal circles.
Ransomware Attacks Surge With Insurance Firms Most Targeted
Finance ranked eighth amongst industries affected by ransomware, with 102 verified victims over the last 90 days - an increase of 29% from the previous quarter. The financial sector's share of total ransomware victims rose from 4.0% to 6.2%, highlighting cybercriminals’ growing focus on banks, insurance firms, and investment organisations.
The SilentRansomGroup, a newly emerged ransomware gang, disproportionately targeted financial firms, accounting for 33% of all ransomware victims in the sector. LockBit followed closely behind, demonstrating continued interest in infiltrating financial networks. While some of the largest ransomware collectives, such as Akira and Qilin, remained highly active globally, their focus on financial entities was relatively low.
Geographically, ransomware attacks were concentrated in the United States, which recorded 54 victims, accounting for 53% of all incidents. The United Kingdom, Germany, Canada, and Pakistan also saw notable increases in ransomware activity.
Cyfirma’s findings suggest that as financial organisations fortify their security, attackers are shifting their focus to specific institutions that may still have vulnerabilities.
Conclusion: Growing Cyber Threats Require Stronger Defences
Cyfirma’s report paints a concerning picture of the financial industry's cybersecurity landscape. The steady rise in APT campaigns, underground threats, vulnerabilities, and ransomware incidents underscores the urgent need for financial firms to bolster their defences.
As cybercriminal tactics evolve, organisations must proactively enhance security measures to counter sophisticated attacks.
For more details, the full report can be accessed HERE
Image: Unsplash
You Might Also Read:
Financial Services Institutions Must Protect Themselves From Downtime:
If you like this website and use the comprehensive 7,000+ service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.
- Individual £5 per month or £50 per year. Sign Up
- Multi-User, Corporate & Library Accounts Available on Request
- Inquires: Contact Cyber Security Intelligence
Cyber Security Intelligence: Captured Organised & Accessible