Cyber Threats Escalate Against The Finance Sector

The finance industry has witnessed a surge in cyber threats over the past quarter, with increasing attacks from advanced persistent threat (APT) groups, ransomware gangs, and vulnerabilities emerging across financial systems.

According to a report by cybersecurity firm Cyfirma, the sector remains a prime target for cybercriminals, with attack campaigns peaking in May 2025.

APT Campaigns Targeting Finance

Cyfirma’s findings indicate that financial institutions were affected by all eight observed APT campaigns over the last 90 days. This marks a significant increase compared to the previous quarter, when only 80% of observed campaigns targeted finance. Notably, the most active cyber threat actors included Chinese groups such as Stone Panda, Volt Typhoon, and Salt Typhoon, along with Russian-based actors like TA505 and FIN11.

Campaigns exhibited a global footprint, with the United States and India being the most targeted, appearing in five out of eight attacks. The United Kingdom, Japan, South Korea, and Thailand followed closely behind. Attackers focused primarily on web applications, operating systems, and routers, taking advantage of vulnerabilities across digital financial infrastructures.

Dark Web Chatter Reflects Declining But Persistent Threats  

Cyfirma’s analysis of underground cybercriminal forums shows that the finance sector accounted for 11.5% of all detected industry-linked discussions, ranking third amongst 14 industries. Mentions of data breaches and leaks fell by over 40%, and ransom-related chatter decreased sharply, by 76%. This decline suggests improved security measures or a shift in cybercriminal tactics.

However, Distributed Denial-of-Service (DDoS) attacks saw a modest resurgence, indicating that financial institutions could still face disruption-based cyber incidents. Hacktivism and web exploits targeting finance also declined during the period, potentially reflecting stronger cybersecurity policies or a reduced activist focus.

Security Vulnerabilities Continue To Emerge 

The finance industry ranked ninth in vulnerability-related discussions, representing 4.05% of all identified security flaws. Injection attacks, one of the most critical cyber threats, declined by 70%, possibly due to improved security protocols. Remote Code Execution (RCE) and Cross-Site Scripting (XSS) vulnerabilities remained prominent, with the latter showing signs of resurgence.  

Cyfirma’s report underscores the importance of securing digital assets, as denial-of-service vulnerabilities have increased, aligning with the growing DDoS threat in underground cybercriminal circles.

Ransomware Attacks Surge With Insurance Firms Most Targeted

Finance ranked eighth amongst industries affected by ransomware, with 102 verified victims over the last 90 days - an increase of 29% from the previous quarter. The financial sector's share of total ransomware victims rose from 4.0% to 6.2%, highlighting cybercriminals’ growing focus on banks, insurance firms, and investment organisations.  

The SilentRansomGroup, a newly emerged ransomware gang, disproportionately targeted financial firms, accounting for 33% of all ransomware victims in the sector. LockBit followed closely behind, demonstrating continued interest in infiltrating financial networks. While some of the largest ransomware collectives, such as Akira and Qilin, remained highly active globally, their focus on financial entities was relatively low.  

Geographically, ransomware attacks were concentrated in the United States, which recorded 54 victims, accounting for 53% of all incidents. The United Kingdom, Germany, Canada, and Pakistan also saw notable increases in ransomware activity.

Cyfirma’s findings suggest that as financial organisations fortify their security, attackers are shifting their focus to specific institutions that may still have vulnerabilities.  

Conclusion: Growing Cyber Threats Require Stronger Defences  

Cyfirma’s report paints a concerning picture of the financial industry's cybersecurity landscape. The steady rise in APT campaigns, underground threats, vulnerabilities, and ransomware incidents underscores the urgent need for financial firms to bolster their defences.

As cybercriminal tactics evolve, organisations must proactively enhance security measures to counter sophisticated attacks.  
