Evolving Financial Cyberthreat Landscape in 2025
TL;DR In 2025, Kaspersky’s research indicates a significant shift in financial cyber threats, with increased credential theft through infostealers and a decline in traditional banking malware. Phishing tactics have become more targeted, focusing on e-commerce and digital service platforms rather than traditional banking targets.
Main Analysis
Kaspersky’s analysis of cybersecurity trends in 2025 highlights a dramatic evolution in the financial threat landscape. While traditional banking malware has seen a decline, infostealers are now at the forefront, facilitating widespread credential theft that drives financial fraud. The increase in credential theft rests on stolen data aggregation and reuse, reflecting a shift in attacker focus from developing new malware to leveraging existing stolen data for scams and breaches.
Phishing activities have also transformed significantly this year. Attackers have pivoted towards e-commerce and digital services, with online stores and gaming platforms becoming prominent targets. The data shows a notable rise in e-commerce phishing (14.17%) and digital service phishing (16.15%). Campaigns are now more tailored to regional user behaviors and trends, employing enhanced social engineering tactics to exploit user trust effectively. For instance, while phishing attacks in the Middle East heavily targeted online retailers (85.8%), Africa’s scams primarily involved banks (53.75%).
Defensive Context
Organizations in the financial services sector, as well as those operating e-commerce and digital platforms, should be vigilant about the evolving threat landscape. Attackers are increasingly localizing their tactics based on regional user habits, which means that companies must ensure that their security measures address specific local threats rather than relying on a one-size-fits-all approach. Those not operating in the mentioned sectors might not face immediate threats but should remain aware of the overarching trends in credential theft and fraud.
Why This Matters
The shift towards credential theft and targeted phishing reflects a diversification of tactics used by cybercriminals, posing a heightened risk for organizations engaged in online transactions or storing sensitive customer information. Industries most exposed include e-commerce, gaming, and traditional financial sectors, where customer trust is paramount. Companies should recognize that a decrease in traditional malware does not equate to a decrease in risk.
Defender Considerations
Organizations should take proactive measures against infostealers by enhancing authentication methods and monitoring for suspicious activities tied to credential usage. The observed regional adaptations of phishing campaigns suggest that localized training and user awareness initiatives are critical for educating end-users and mitigating risks associated with targeted fraud attempts.
IOCs
The article does not provide specific indicators of compromise, such as IP addresses or file hashes, but it emphasizes trends and methods employed in current cybercriminal activities rather than concrete technical identifiers.
