The global financial industry endured one of its most turbulent cybersecurity years in 2025, with advanced malware, artificial-intelligence-driven attacks, supply chain compromises, and NFC-based fraud emerging as dominant threats, according to the newly released Kaspersky Security Bulletin 2025.
Data drawn from the Kaspersky Security Network between November 2024 and October 2025 shows that 8.15 percent of users in the finance sector worldwide encountered online threats, while 15.81 percent faced local, on-device risks. During the period, the firm detected 1,338,357 banking trojan attacks. Ransomware also surged, affecting 12.8 percent of B2B finance organisations globally, a rise of 35.7 percent in unique users compared to the previous year. Africa recorded a similar level of exposure at 12.9 percent.
Kaspersky analysts noted that 2025 marked a shift towards more complex attack chains, particularly after a wave of large-scale supply chain breaches that moved through third-party vendors and national payment networks, in some cases disrupting central systems. The report indicates that conventional distinctions between physical and digital crime continued to erode, as organised criminal networks increasingly fused social engineering, insider access, and technical exploitation.
Cybercriminals also expanded the use of popular messaging applications as malware distribution hubs, repurposing banking trojans to spread through channels that previously served mainly social interactions. At the same time, AI-enabled malware incorporated automated propagation and evasion techniques that accelerated the pace of attacks.
Mobile banking threats intensified, with Android malware using Automated Transfer System capabilities to alter transfer details in real time without user awareness. NFC-based fraud grew into a notable trend, appearing both in crowded physical environments and through remote social engineering schemes.
The report further highlights a rise in blockchain-based command-and-control infrastructure, which allows attackers to embed instructions in smart contracts and maintain malware operations even when traditional servers are disabled. Some malware families are expected to disappear as specific criminal groups disband, but others are evolving in sophistication and delivery.
“In 2025, financial cyber threats evolved into a complex landscape, with attacks hitting businesses and end users alike. Criminal groups increasingly combined digital tools, insider access, AI and blockchain to scale operations, forcing organisations to secure not only their systems but also the human networks that support them,” said Fabio Assolini, Head of the Americas and Europe units at Kaspersky GReAT.
Looking ahead to 2026, the company expects banking trojans to be rewritten for distribution via WhatsApp, targeting institutions that rely on desktop-based online banking. It also forecasts expanded markets for deepfake and AI-driven social engineering, the emergence of regional information stealers, more frequent attacks on NFC payments, and the appearance of agentic AI malware capable of altering its behaviour mid-execution. Kaspersky also warns that pre-infected counterfeit devices, including smartphones and smart TVs, will remain a threat.
To mitigate risks, the firm advises users to monitor transactions frequently, install applications only from official stores, disable NFC when idle, and adopt secure payment verification tools. For financial institutions, Kaspersky recommends ecosystem-level cyber strategies that combine technology, skilled personnel, and continuous threat intelligence, supported by integrated monitoring, rapid-response platforms, and regular staff awareness training.