Executive Summary
In 2025, the financial sector faced a rapidly evolving cyber landscape characterized by the proliferation of infostealers, AI-assisted attacks, and supply chain compromises. Notably, there was a significant increase in mobile financial threats, with a 102% rise in users affected globally compared to 2023. Additionally, 12.8% of B2B finance sector companies encountered ransomware attacks, marking a 35.7% increase from the previous year. These developments underscore the growing sophistication and diversification of cyber threats targeting financial institutions. (me-en.kaspersky.com)
Looking ahead to 2026, the financial sector is expected to confront even more complex challenges, including the emergence of quantum-proof ransomware and the continued advancement of mobile financial cyberthreats. Organizations must proactively adapt their cybersecurity strategies to address these evolving threats, emphasizing the importance of real-time monitoring, cross-channel threat intelligence, and robust identity protection measures. (kaspersky.com)
Why This Matters Now
The financial sector is at a critical juncture, facing increasingly sophisticated cyber threats that exploit emerging technologies and vulnerabilities. Immediate action is required to bolster defenses against AI-driven attacks, mobile financial malware, and supply chain compromises to safeguard sensitive financial data and maintain trust.
Attack Path Analysis
The adversary initiated the attack by deploying infostealer malware through phishing emails, leading to the theft of user credentials. With these credentials, they escalated privileges to access sensitive financial systems. They then moved laterally within the network to identify and access additional financial data. Establishing command and control channels, they maintained persistent access to the compromised systems. Subsequently, they exfiltrated financial data and credentials to external servers. Finally, the stolen data was used to conduct unauthorized financial transactions, resulting in significant financial loss.
Kill Chain Progression
Initial Compromise
Description
The adversary sent phishing emails containing malicious attachments or links, leading to the installation of infostealer malware on the victim's system.
MITRE ATT&CK® Techniques
- Phishing
- Phishing for Information
- Financial Theft
- Valid Accounts
- Input Capture
- Screen Capture
- Data from Local System
- Obfuscated Files or Information
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Multi-Factor Authentication (MFA)
Control ID: 8.3.1
NYDFS 23 NYCRR 500 – Encryption of Nonpublic Information
Control ID: 500.15
DORA – ICT Risk Management Framework
Control ID: Article 5
CISA ZTMM 2.0 – Implement Strong Authentication Mechanisms
Control ID: Identity and Access Management
NIS2 Directive – Cybersecurity Risk Management Measures
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Banking/Mortgage
Primary target for multi-vector financial cybercrime with infostealers compromising over one million banking accounts globally, requiring enhanced encryption and zero trust segmentation.
Financial Services
Critical exposure to credential theft and phishing campaigns targeting payment systems, demanding egress security controls and threat detection capabilities for financial data protection.
E-Learning
Vulnerable to phishing attacks mimicking digital services platforms, needing multicloud visibility and east-west traffic security to protect educational payment and credential systems.
Consumer Electronics
Targeted by infostealers exploiting device vulnerabilities for financial credential harvesting, requiring Kubernetes security and cloud firewall protection for connected payment ecosystems.
Sources
- Financial cyberthreats in 2025 and the outlook for 2026: https://securelist.com/financial-threat-report-2025/119304/
- Financial sector faced AI, blockchain and organized crime threats in 2025, Kaspersky reports: https://me-en.kaspersky.com/about/press-releases/financial-sector-faced-ai-blockchain-and-organized-crime-threats-in-2025-kaspersky-reports
- Kaspersky reports 15% growth in malicious email attacks in 2025: https://www2.kaspersky.com/about/press-releases/kaspersky-reports-15-growth-in-malicious-email-attacks-in-2025
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Aviatrix Zero Trust CNSF is relevant to this incident because it would likely reduce the attacker's ability to move laterally and exfiltrate data by enforcing strict segmentation and controlled egress policies.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: While Aviatrix Zero Trust CNSF may not prevent the initial compromise via phishing, it would likely limit the attacker's subsequent actions within the cloud environment.
Control: Zero Trust Segmentation
Mitigation: Aviatrix Zero Trust Segmentation would likely limit the attacker's ability to escalate privileges by enforcing strict access controls based on identity and context.
Control: East-West Traffic Security
Mitigation: Aviatrix East-West Traffic Security would likely reduce the attacker's ability to move laterally by monitoring and controlling internal traffic flows.
Control: Multicloud Visibility & Control
Mitigation: Aviatrix Multicloud Visibility & Control would likely limit the attacker's ability to establish and maintain command and control channels by providing comprehensive monitoring across cloud environments.
Control: Egress Security & Policy Enforcement
Mitigation: Aviatrix Egress Security & Policy Enforcement would likely reduce the attacker's ability to exfiltrate data by controlling and monitoring outbound traffic.
While Aviatrix Zero Trust CNSF may not prevent the misuse of already exfiltrated data, it would likely limit the scope of data accessible to attackers, thereby reducing the potential financial impact.
Impact at a Glance
Affected Business Functions
- Online Banking Services
- E-commerce Platforms
- Payment Processing Systems
- Customer Account Management
Estimated downtime: 14 days
Estimated loss: $5,000,000
Data at risk: Personal and financial information of customers, including payment card details and banking credentials.
Recommended Actions
Key Takeaways & Next Steps
- Implement Zero Trust Segmentation to restrict lateral movement within the network.
- Deploy Egress Security & Policy Enforcement to monitor and control outbound traffic, preventing unauthorized data exfiltration.
- Utilize Threat Detection & Anomaly Response systems to identify and respond to suspicious activities promptly.
- Enforce Multi-Factor Authentication (MFA) to add an additional layer of security to user accounts.
- Conduct regular security awareness training to educate employees on recognizing and avoiding phishing attempts.