How Cybercriminals Upgraded Their Toolkit in 2025 — And What Financial Security Might Look Like in 2026

The financial sector spent most of 2025 navigating a cybersecurity storm unlike anything seen in previous years. Kaspersky’s newly released 2025 Security Bulletin paints a picture of attackers who aren’t just refining old tricks—they’re reinventing the playbook with AI-driven malware, blockchain-powered command structures, supply chain infiltrations, and social-engineering tactics that blur the line between the digital and physical worlds. For banks, fintech companies, and everyday users, the stakes have never been higher.

What makes this year’s findings especially notable is how quickly cybercrime is evolving. Messaging apps became malware highways. NFC payments turned into a playground for fraudsters. And ransomware continued its steady march across global financial systems. Here’s a breakdown of what happened—and what may be coming next.

The Numbers Behind a Chaotic Year

According to Kaspersky’s data:

  • 8.15% of users in the finance sector experienced online threats.
  • 15.81% dealt with local threats such as infected files and removable media.
  • 12.8% of B2B financial organizations were hit by ransomware.
  • Ransomware encounters among finance users jumped 35.7% compared to 2023.
  • More than 1.3 million banking trojan attacks were detected.

It’s a sharp reminder that finance remains one of the most targeted—and most rapidly changing—cyber battlegrounds.

When Attackers Go After the Links in the Chain

One trend that defined 2025 was the rise of supply chain attacks. Instead of attacking a bank directly, cybercriminals targeted upstream vendors, third-party services, and payment infrastructure providers. Those compromises rippled outward, threatening national payment networks and, in some regions, touching central financial systems.

This approach isn’t new, but the scale and coordination reached new heights. As institutions rely more on cloud providers and specialized fintech partners, attackers increasingly see suppliers as high-value shortcuts.

Organized Crime Is Now Playing in Both Worlds

Kaspersky’s report highlights a growing convergence between physical organized crime and cybercrime. Think insider manipulation combined with digital exploitation—criminal groups using social engineering, compromised employees, and technical skill to run coordinated operations.

This blending of worlds makes attacks harder to detect and even harder to disrupt. It also means security teams must think beyond firewalls and start paying more attention to “human networks” inside organizations.

Malware Found a New Home in Messaging Apps

While email phishing is still alive, cybercriminals spent 2025 pushing deeper into platforms like WhatsApp, Telegram, and other social apps. Banking trojans were rewritten to spread through chat messages, mimicking trusted contacts or support agents.

Given how heavily global users rely on messaging apps—and how casually we trust incoming messages—this shift dramatically expands the attack surface. Big picture: cybercriminals are simply following users to the platforms where they spend most of their time.

AI Took Malware to the Next Level

AI-assisted attacks went mainstream in 2025. Malware now adapts faster, hides better, and spreads automatically with little human intervention. Automation shrinks the time from creation to deployment, making defensive response windows tighter than ever.

Some strains even use AI techniques to evade detection, choose targets, or reconfigure themselves mid-attack. It’s not just more malware—it’s smarter malware.

Mobile Banking Fraud Hit a Turning Point

Android-focused attacks grew more advanced, particularly those using ATS (Automated Transfer System) tools to secretly alter transfers in real time. Meanwhile, NFC payment fraud surged both in physical spaces (like crowded transport hubs) and through social engineering linked to fake mobile banking apps.

With contactless payments continuing to expand globally, attackers are clearly investing in ways to quietly intercept or manipulate those transactions.

Blockchain Became a Weapon, Not Just a Target

Criminals also began using blockchain smart contracts as command-and-control (C2) infrastructure for malware. Because blockchain is decentralized and difficult to take down, attackers can embed malicious instructions that remain accessible even if hosting servers are removed.

It’s a clever twist: instead of only stealing cryptocurrencies, threat actors now exploit Web3 itself to coordinate large-scale crimeware campaigns.
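One way a SOC could hunt for the smart-contract C2 pattern described above, as an added example that is not taken from Kaspersky's report or this article: it flags processes outside an allowlist that repeatedly issue read-only Ethereum JSON-RPC calls. The log schema, host and process names, allowlist, domains and contract address are all constructed assumptions.

```python
import json
from collections import defaultdict

# Read-only Ethereum JSON-RPC methods that fetch data stored in or emitted by a contract.
CONTRACT_READ_METHODS = {"eth_call", "eth_getStorageAt", "eth_getLogs"}
# Assumption: processes expected to query blockchain RPC nodes in this environment.
ALLOWED_PROCESSES = {"chrome.exe", "firefox.exe", "wallet-desktop.exe"}

CONTRACT = "0x" + "AB" * 20  # constructed address, not a real indicator

def rpc(method, params, rid=1):
    return {"jsonrpc": "2.0", "id": rid, "method": method, "params": params}

# Constructed egress-proxy records (hypothetical schema: host, process, dest, body).
SAMPLE_LOG = [
    {"host": "WS-014", "process": "updater_svc.exe", "dest": "rpc.chain.example",
     "body": json.dumps(rpc("eth_call", [{"to": CONTRACT, "data": "0x"}, "latest"]))},
    {"host": "WS-014", "process": "updater_svc.exe", "dest": "rpc.chain.example",
     "body": json.dumps([rpc("eth_blockNumber", []),
                         rpc("eth_getStorageAt", [CONTRACT, "0x0", "latest"], 2)])},
    {"host": "WS-022", "process": "chrome.exe", "dest": "rpc.chain.example",
     "body": json.dumps(rpc("eth_call", [{"to": CONTRACT, "data": "0x"}, "latest"]))},
    {"host": "WS-031", "process": "sync.exe", "dest": "api.vendor.example",
     "body": "status=ok"},
]

def contract_of(call):
    """Return the lowercased contract address a read targets, or None if absent."""
    params = call.get("params")
    first = params[0] if isinstance(params, list) and params else None
    addr = (first.get("to") or first.get("address")) if isinstance(first, dict) else first
    return addr.lower() if isinstance(addr, str) else None

def find_contract_polling(records, min_reads=2):
    """Map (host, process) outside the allowlist to the contracts it read repeatedly."""
    reads = defaultdict(list)
    for rec in records:
        if rec["process"].lower() in ALLOWED_PROCESSES:
            continue
        try:
            payload = json.loads(rec["body"])
        except (TypeError, ValueError):
            continue  # body is not JSON, so it is not a JSON-RPC request
        calls = payload if isinstance(payload, list) else [payload]  # batches are arrays
        for call in calls:
            if isinstance(call, dict) and call.get("method") in CONTRACT_READ_METHODS:
                reads[(rec["host"], rec["process"])].append(contract_of(call))
    return {key: sorted({a for a in addrs if a})
            for key, addrs in reads.items() if len(addrs) >= min_reads}
```

A hit is a lead for triage rather than a verdict, since legitimate non-browser software may also read contract state; the allowlist and `min_reads` threshold need tuning per environment.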

Ransomware Didn’t Slow Down

Ransomware continued to challenge financial institutions, especially in Africa (12.9% of B2B orgs) and Latin America (12.6%). Even regions with lower numbers are experiencing increasingly complex incidents tied to double-extortion tactics and data-leak pressure campaigns.

Looking Ahead to 2026: The Threats Already Forming

Kaspersky’s predictions suggest that 2026 will be even more unpredictable, with several shifts already taking shape:

  • Banking trojans moving fully into WhatsApp, especially for corporate and government environments reliant on desktop banking.
  • Deepfake-powered social engineering escalating, particularly for job scams and identity verification bypassing.
  • Regional information stealers emerging as localized malware markets mature.
  • More aggressive NFC attacks targeting everyday users as mobile payments grow.
  • Agentic AI malware capable of changing behavior dynamically mid-execution, making detection dramatically harder.
  • Classic fraud evolving with new delivery channels—from new social apps to alternative messaging platforms.
  • Pre-infected “out-of-box” devices remaining a persistent threat, extending beyond smartphones to smart TVs and other IoT devices.

Together, these trends point to a landscape where the line between device, platform, and identity becomes increasingly blurred—and where AI continues to tilt the balance toward attackers.

How Users and Organizations Can Stay a Step Ahead

Kaspersky recommends a mix of digital hygiene and strategic defense:

  • Download apps exclusively from official stores and verify developers.
  • Disable NFC when not needed and use wallets that block unauthorized scans.
  • Monitor banking transactions regularly for unusual activity.
  • Use platforms like Kaspersky Premium with Safe Money for authenticated financial transactions.

For organizations, a more holistic approach is key:

  • Assess the entire infrastructure and fix vulnerabilities—ideally with third-party experts for unbiased reviews.
  • Adopt integrated cybersecurity platforms (EDR/XDR) for real-time monitoring across all attack surfaces.
  • Stay informed with threat intelligence and run continuous staff awareness training.

As Fabio Assolini from Kaspersky notes, “organizations must secure not only their systems but also the human networks that support them.”

Where Does This Leave the Financial Sector?

Cybersecurity in finance is no longer just about securing endpoints or encrypting transactions. It’s about protecting an ecosystem: people, devices, vendors, and increasingly, AI-driven workflows. With 2026 already hinting at smarter malware and more creative attack routes, the question becomes less about whether threats will grow—and more about how prepared institutions will be when they do.

What trend do you think will shape the future of financial cybersecurity the most—AI-driven attacks, messaging-app trojans, or another threat entirely?


Copyright © 2022 Inventrium Magazine