The finance industry has witnessed a surge in cyber threats over the past quarter, with increasing attacks from advanced persistent threat (APT) groups, ransomware gangs, and vulnerabilities emerging across financial systems.
According to a report by cybersecurity firm Cyfirma, the sector remains a prime target for cybercriminals, with attack campaigns peaking in May 2025.
APT Campaigns Targeting Finance
Cyfirma’s findings indicate that financial institutions were affected by all eight observed APT campaigns over the last 90 days. This marks a significant increase compared to the previous quarter, where only 80% of observed campaigns targeted finance. Notably, some active cyber threat actors include:
- Chinese groups: Stone Panda, Volt Typhoon, and Salt Typhoon
- Russian-based actors: TA505 and FIN11
Attack campaigns primarily focused on web applications, operating systems, and routers, targeting vulnerabilities across digital financial infrastructures in the US and India.
Dark Web Chatter Reflects Declining But Persistent Threats
Cyfirma’s analysis shows that the finance sector accounted for 11.5% of industry-linked discussions on underground forums. While data breach discussions fell over 40%, ransom-related chatter dropped by 76%. However, DDoS attacks resurfaced, indicating ongoing risks for financial institutions.
Security Vulnerabilities Continue To Emerge
The finance industry ranked ninth in vulnerability discussions, representing 4.05% of identified security flaws. Although injection attacks declined by 70%, vulnerabilities like Remote Code Execution and Cross-Site Scripting persist.
Ransomware Attacks Surge With Insurance Firms Most Targeted
In the last 90 days, finance ranked eighth among industries affected by ransomware, with a 29% increase in verified victims. New ransomware gangs like the SilentRansomGroup have specifically targeted financial firms.
The US accounted for the majority of ransomware attacks, indicating attackers are shifting their focus as financial organisations improve security.
Conclusion: Growing Cyber Threats Require Stronger Defences
Cyfirma’s report highlights urgent challenges in the cybersecurity landscape of the finance industry, necessitating enhanced defensive strategies against evolving cybercriminal tactics. For more details, the full report can be accessed HERE.
Key Points
- Cyber threats against the finance sector have increased significantly, with APT campaigns targeting various institutions.
- Discussion of data breaches in underground forums has declined, though risks from DDoS attacks remain present.
- Ransomware attacks have surged, with firms in the financial sector being primary targets.
- Vulnerabilities such as RCE and XSS persist, calling for more robust cybersecurity measures.
- Proactive enhancements to security infrastructure are critical to counter sophisticated attacks.
Why should I read this?
If you’re in the finance industry or simply interested in cybersecurity, this article is a must-read! It flashes a bright warning light on the escalating cyber threats targeting finance. Whether you’re on the front lines of defence or just keen on the subject, understanding these trends can help you stay one step ahead of cybercriminals.