Financial sector faces rising cyber threats from ransomware and zero-days
The Central Bank of Russia's Financial CERT reports a significant increase in cyberattacks targeting the financial sector in 2025. The overview highlights ransomware, zero-day exploits, and attacks via contractors as primary threats.
Ransomware and phishing dominate 2025 threat landscape
The Central Bank of Russia's Financial CERT detected 761 operational incidents and 38,418 phishing websites in 2025, underscoring persistent cyber threats to the financial market.
Credit and non-bank credit institutions were the most frequent victims, accounting for 98% of attacks.
Malware constituted 54% of all cyberattacks, followed by denial-of-service (DoS) attacks at 28% and email phishing at 13%.
Ransomware incidents were registered by ten financial institutions.
The report details a shift in attacker motivation towards infrastructure damage rather than solely ransom, fueled by the rising popularity of the Ransomware-as-a-Service (RaaS) model.
Malware types predominantly included Payload Trojans (27%), Backdoors (25%), and Infostealers (24%), indicating a focus on initial access and data compromise.
The Financial CERT's rapid response to incidents, within one hour, and its extensive information exchange with over 1,700 organizations are crucial for mitigating these threats.
Contractors and zero-days: New attack frontiers
Attacks via contractors, particularly IT and InfoSec service providers, emerged as a critical vector in 2025.
Attackers targeted these more vulnerable entities to gain access to larger financial institutions, highlighting the need for enhanced risk management and information security standards in contractor agreements.
Software vulnerabilities also remained a primary entry point, with over 48,000 Common Vulnerabilities and Exposures (CVEs) registered globally, a 20% increase from 2024.
Notably, 69% of exploited vulnerabilities required no authentication, and nearly 30% allowed remote code execution.
The time between public release and exploitation of zero-day vulnerabilities has shrunk drastically, to less than 24 hours, forcing financial institutions to implement immediate patching strategies.
DDoS attacks, while down 21% from 2024, still caused 36 operational incidents, demonstrating their continued disruptive potential.
Damage over ransom: A new era of cyber warfare
The CBR's overview reveals a critical escalation in cyber threats, with attackers prioritizing infrastructure damage over ransom.
Rapid exploitation of zero-day vulnerabilities demands immediate, proactive defense strategies from financial institutions.
This necessitates a fundamental shift towards continuous threat intelligence and robust third-party risk management, moving beyond reactive measures.