Cyber Threats Escalate Against The Finance Sector

The finance industry has witnessed a surge in cyber threats over the past quarter, with increasing attacks from advanced persistent threat (APT) groups, ransomware gangs, and vulnerabilities emerging across financial systems.

According to a report by cybersecurity firm Cyfirma, the sector remains a prime target for cybercriminals, with attack campaigns peaking in May 2025.

APT Campaigns Targeting Finance

Cyfirma’s findings indicate that financial institutions were affected by all eight observed APT campaigns over the last 90 days. This marks a significant increase compared to the previous quarter, when only 80% of observed campaigns targeted finance. Notably, the most active cyber threat actors included Chinese groups such as Stone Panda, Volt Typhoon, and Salt Typhoon, along with Russian-based actors like TA505 and FIN11.

Campaigns exhibited a global footprint, with the United States and India being the most targeted, appearing in five out of eight attacks. The United Kingdom, Japan, South Korea, and Thailand followed closely behind. Attackers focused primarily on web applications, operating systems, and routers, taking advantage of vulnerabilities across digital financial infrastructures.

Dark Web Chatter Reflects Declining But Persistent Threats  

Cyfirma’s analysis of underground cybercriminal forums shows that the finance sector accounted for 11.5% of all detected industry-linked discussions, ranking third amongst 14 industries. Mentions of data breaches and leaks fell by over 40%, and ransom-related chatter decreased sharply, by 76%. This decline suggests improved security measures or a shift in cybercriminal tactics.

However, Distributed Denial-of-Service (DDoS) attacks saw a modest resurgence, indicating that financial institutions could still face disruption-based cyber incidents. Hacktivism and web exploits targeting finance also declined during the period, potentially reflecting stronger cybersecurity policies or a reduced activist focus.

Security Vulnerabilities Continue To Emerge 

The finance industry ranked ninth in vulnerability-related discussions, representing 4.05% of all identified security flaws. Injection attacks, one of the most critical cyber threats, declined by 70%, possibly due to improved security protocols. Remote Code Execution (RCE) and Cross-Site Scripting (XSS) vulnerabilities remained prominent, with the latter showing signs of resurgence.  

Cyfirma’s report underscores the importance of securing digital assets, as denial-of-service vulnerabilities have increased, aligning with the growing DDoS threat in underground cybercriminal circles.

Ransomware Attacks Surge With Insurance Firms Most Targeted

Finance ranked eighth amongst industries affected by ransomware, with 102 verified victims over the last 90 days, an increase of 29% from the previous quarter. The financial sector's share of total ransomware victims rose from 4.0% to 6.2%, highlighting cybercriminals’ growing focus on banks, insurance firms, and investment organisations.

The SilentRansomGroup, a newly emerged ransomware gang, disproportionately targeted financial firms, accounting for 33% of all ransomware victims in the sector. LockBit followed closely behind, demonstrating continued interest in infiltrating financial networks. While some of the largest ransomware collectives, such as Akira and Qilin, remained highly active globally, their focus on financial entities was relatively low.  

Geographically, ransomware attacks were concentrated in the United States, which recorded 54 victims, accounting for 53% of all incidents. The United Kingdom, Germany, Canada, and Pakistan also saw notable increases in ransomware activity.

Cyfirma’s findings suggest that as financial organisations fortify their security, attackers are shifting their focus to specific institutions that may still have vulnerabilities.  

Conclusion: Growing Cyber Threats Require Stronger Defences  

Cyfirma’s report paints a concerning picture of the financial industry's cybersecurity landscape. The steady rise in APT campaigns, underground threats, vulnerabilities, and ransomware incidents underscores the urgent need for financial firms to bolster their defences.

As cybercriminal tactics evolve, organisations must proactively enhance security measures to counter sophisticated attacks.  

