Positive Technologies has outlined the major cyberthreats the financial sector may face in the coming years. The company announced that ransomware attacks, malicious use of QR codes, API vulnerabilities, DDoS campaigns, and attacks targeting suppliers and partners are among the top risks.

The financial sector remains one of the top five most targeted industries by cybercriminals, according to Positive Technologies’ analysis of data from 2024 to the first quarter of 2025. The report revealed that 67% of successful cyberattacks involved data theft used for blackmail. Another 26% caused operational disruptions, while 5% resulted in financial theft.

Social engineering was involved in 57% of successful attacks on financial organizations in 2024. Analysts from Positive Technologies predict that such incidents will rise further. This increase is expected as cybercriminals leverage artificial intelligence (AI) to craft convincing phishing emails. Conversely, security teams are also adopting AI to detect malicious content generated by AI.

The report also highlighted growing risks related to application programming interfaces (APIs). Without proper security, APIs could serve as entry points for cybercriminals. The problem worsens with shadow APIs, which often lack protection. Additionally, the number of vulnerable AI-enabled APIs reportedly increased tenfold in 2024, according to a Wallarm report.

Another emerging threat involves attacks on contractors and suppliers. Cybercriminals are expected to target less secure partners to access larger financial organizations. Small and medium-sized businesses could be collateral victims if attackers cannot reach main targets.

Roman Reznikov, Cybersecurity Research Analyst at Positive Technologies, said, “Cybercriminals continue to exploit legitimate and widely used tools in fraudulent schemes. Attacks involving QR codes have become more frequent. Hackers replace legitimate QR codes with malicious ones in public spaces and bypass email security by exploiting the difficulty in detecting QR codes within messages.” He added that future malware could alter QR codes directly on device screens during payments, making caution essential.

The report also revealed that the access-as-a-service market poses a serious challenge. Nearly 9% of dark web listings for access sales relate to the financial sector. This market is expected to grow as new technologies lower barriers to cybercrime. Inexperienced attackers may sell discovered access points to more skilled criminals.

Ransomware attacks are projected to increase as well. Cybercriminals have started demanding ransoms lower than potential data breach fines. This tactic is likely to become common in countries with turnover-based fines such as Russia, Brazil, and China.

DDoS campaigns will remain a significant threat in 2025. Hackers are expected to build massive botnets from compromised IoT devices. Using AI, they may launch adaptive attacks that respond to countermeasures.

To defend against these evolving threats, financial organizations must adopt comprehensive cybersecurity strategies. Positive Technologies recommends advanced tools like next-generation firewalls (NGFWs) such as PT NGFW, web application firewalls (WAFs) like PT Application Firewall, and SIEM systems including MaxPatrol SIEM integrated with EDR solutions like MaxPatrol EDR. Sandboxes such as PT Sandbox and network traffic analysis/detection systems like PT NAD are also essential to detect malware and hacker activity.

Related post

View all