Kaspersky flags AI, blockchain and crime syndicate threats to finance

By Staff Writer
Kaspersky has released its 2025 Security Bulletin, outlining the year’s most significant cyberthreats to the global financial sector and warning of increasingly sophisticated attacks driven by artificial intelligence, blockchain-based infrastructure, and organized crime.
The first edition of the bulletin focuses on finance-related cyber risks, noting that the sector experienced rapid shifts in attack methods, including malware spread through messaging apps, AI‑assisted operations, supply chain breaches, and NFC-enabled fraud.
Kaspersky reported that 8.15% of users in the finance sector faced online threats this year, while 15.81% encountered local threats. It added that 12.8% of B2B financial organizations worldwide suffered ransomware attacks, representing a 35.7% increase in unique users detecting ransomware compared with 2023. A total of 1,338,357 banking trojan attacks were detected across the sector in 2025.

The company highlighted the severity of supply chain attacks, warning that vulnerabilities in third‑party providers can cascade through national payment networks and impact central systems.
Kaspersky also noted the convergence of organized crime with cybercrime, resulting in attacks that combine social engineering, insider manipulation, and technical intrusion techniques.
A growing number of banking trojans are now being distributed through messaging platforms, marking a shift away from traditional email phishing and enabling large‑scale infections via popular apps.
AI‑enabled malware has become more powerful, with automated propagation and evasion techniques that expand the speed and reach of attacks while reducing the time between malware creation and deployment.
Mobile banking threats continue to rise, especially Android attacks that use Automated Transfer System (ATS) capabilities to modify transfers in real time without user awareness. NFC‑based fraud has also expanded in both physical and remote scenarios through social engineering and fake banking apps.
A notable development is the increased use of blockchain‑based command‑and‑control (C2) infrastructure. Kaspersky said cybercriminals are embedding malware commands in smart contracts to steal cryptocurrencies and maintain persistence even when conventional servers are disabled.
Ransomware remained a major global threat, affecting 12.9% of B2B finance firms in Africa, 12.6% in Latin America, and 9.4% in Russia and CIS between November 2024 and October 2025.
Some malware families are fading as their activity depends heavily on specific criminal groups, according to Kaspersky.
“In 2025, financial cyber threats evolved into a complex landscape, with attacks hitting businesses and end users alike. Criminal groups increasingly combined digital tools, insider access, AI and blockchain to scale operations, forcing organizations to secure not only their systems but also the human networks that support them,” said Fabio Assolini, Head of the Americas & Europe units at Kaspersky GReAT.
Looking ahead to 2026, Kaspersky predicts:
- Banking trojans rewritten for WhatsApp distribution, targeting institutions still reliant on desktop‑based online banking.
- Expanded deepfake and AI‑powered social engineering, especially for scams involving jobs and KYC bypass.
- Rise of regional information stealers due to the MaaS (malware‑as‑a‑service) model.
- Increase in NFC‑based attacks across payment systems.
- Emergence of agentic AI malware, capable of altering behavior mid‑execution and adapting to defenses in real time.
- New delivery methods for traditional fraud, driven by new messaging platforms.
- Continued spread of pre‑infected “out‑of‑box” devices, especially counterfeit Android devices and smart TVs carrying trojans like Triada.

Kaspersky experts recommend the following to keep safe:
- Download apps only from official stores and verify developer authenticity.
- Disable NFC when not in use, and utilize wallets that block unauthorized communication.
- Monitor accounts and transactions regularly for suspicious activity.
- Protect your financial transactions by adopting Kaspersky Premium with the Safe Money feature, which verifies the authenticity of known online payment systems and banking websites.
Financial organizations can embrace an ecosystem-based cybersecurity strategy that unites people, processes, and technology:
- Step 1: Assess the entire infrastructure, fix vulnerabilities, and consider external specialists for fresh perspectives that reveal concealed risks.
- Step 2: Deploy integrated platforms to monitor and control all attack vectors with rapid detection and swift response across the organization. Solutions from the Kaspersky Next product line can help with this goal, as they provide real-time protection, threat visibility, investigation, and EDR/XDR capabilities scalable to organizations of any size and in any industry.
- Step 3: Stay current with the threat landscape using Kaspersky threat intelligence and analytics, run regular awareness training to build a human firewall that recognizes threats


