Kaspersky’s 2025 Security Bulletin highlights key cybersecurity trends and provides an outlook for the future, with a primary focus on the financial sector. The report reveals that in 2025, financial institutions faced a rapidly evolving cyber landscape, including malware distribution via messaging apps, AI-assisted attacks, supply chain compromises, and NFC-based fraud.
According to Kaspersky Security Network statistics (November 2024 – October 2025), 8.15% of financial sector users encountered online threats, while 15.81% faced local (on-device) threats. Kaspersky solutions detected 1,338,357 banking trojan attacks, and 12.8% of B2B finance organizations were affected by ransomware—marking a 35.7% increase in impacted users compared to 2024.
Key Cybersecurity Trends in 2025
Supply Chain Attacks Escalate
Financial institutions experienced unprecedented supply chain attacks exploiting vulnerabilities in third-party providers. Breaches cascaded through national payment networks, impacting core banking systems and revealing the critical role of third-party cybersecurity.
Organized Crime Meets Cybercrime
Criminal groups increasingly combined physical and digital methods, producing sophisticated attacks. Threats blended social engineering, insider manipulation, and technical exploits to target institutions.
Malware Finds New Channels
Cybercriminals shifted from traditional email phishing to messaging platforms, rewriting banking trojans to spread via apps like WhatsApp, expanding the scale and speed of infections.
AI-Enabled Malware Expands
AI-powered malware incorporated automated propagation and evasion, reducing the time between creation and deployment. Attacks spread faster and reached a larger number of targets, highlighting the growing role of artificial intelligence in cybercrime.
Mobile Banking & NFC Fraud
Android malware leveraging Automated Transfer Systems (ATS) manipulated transfer amounts and recipients without user knowledge. NFC-based attacks enabled both physical fraud in crowded areas and remote fraud through fake apps and social engineering.
Blockchain-Based Command & Control
Attackers embedded malware commands in blockchain smart contracts targeting Web3 systems and cryptocurrencies. This method ensures persistent control, even if conventional servers are disabled, marking a new level of resilience in cyberattacks.
Persistent Ransomware Threat
Ransomware remains a major concern, affecting 12.8% of B2B financial organizations, demonstrating the ongoing need for robust security strategies.
Predictions for 2026
- Banking Trojans via Messaging Apps: Malware will be rewritten for platforms like WhatsApp to target corporate and government organizations relying on desktop banking.
- Deepfake & AI-Driven Social Engineering: The use of realistic deepfakes in scams and recruitment fraud is expected to increase, bypassing traditional KYC mechanisms.
- Regional Info Stealers: Targeted malware campaigns will emerge for specific countries or regions, leveraging a malware-as-a-service model.
- Agentic AI Malware: Malware capable of dynamically adapting behavior mid-attack will expand, combining infiltration, data exfiltration, and disruption.
- NFC Payment Attacks: Continued growth of malware targeting NFC transactions in both consumer and enterprise payments.
- Pre-Infected Smart Devices: Risks from devices preloaded with malware, such as Android phones and smart TVs, will persist, threatening user data and banking credentials.
Kaspersky Recommendations
- Regularly monitor accounts and transactions for suspicious activity.
- Download apps only from official stores and verify developer authenticity.
- Disable NFC when not needed and use secure wallets.
- Employ Kaspersky Premium with Safe Money to verify payment systems and banking websites.
Organizational Cybersecurity Measures
- Conduct comprehensive infrastructure assessments and fix vulnerabilities.
- Utilize integrated platforms for monitoring, rapid detection, and response (Kaspersky Next products provide EDR/XDR solutions).
- Keep up to date with threat intelligence and provide employee training to build a human firewall.
