Positive Technologies analysed[1] cyberthreats in the financial industry, finding that by the end of H1 2024, these organisations placed among the top five in recorded incidents. During this period, the share of cyberattacks using social engineering more than doubled compared to H1 2023, while malware remains the weapon of choice for cybercriminals. Banks, including federal and regional organisations from 52 countries, were the primary targets of the attacks.
Despite suffering the largest number of successful cyberattacks overall, financial-related cybersecurity incidents worldwide decreased by 36% in 2024 compared to H1 2023. Experts link this decline to the overall increase of corporate security but emphasize that IT assets of financial organisations are still vulnerable to hacker efforts. Furthermore, analysts point to the fact that many companies cover up security incidents to avoid bad publicity; some incidents are still made known through messages on dark web forums, however. In 2024, experts observed that the actual number of messages on dark web forums was five times higher than the number of publicly reported cyberattacks.
According to Elena Kozlova, Director of Business Development for the Financial Sector at Positive Technologies, “The financial sector maintains interindustry balance and currency stability, ensures the execution of international contracts, and addresses other critical government tasks. That is why financial services must be extremely cyber resilient. Given the pace at which new cyberthreats emerge, organisations should use advanced cybersecurity tools that enable them to prevent non-tolerable events at early stages. Moreover, it’s essential to ensure the security of financial products during the development process. This is particularly important for applications that use AI-based technologies popular with the financial sector, as 77% of companies have already encountered cybersecurity incidents in such systems.”
Malware is one of the primary methods of attack on financial organisations. For instance, in H1 2024, it accounted for 56% of reported incidents, representing a 12% increase over the same period in 2023. Ransomware remains the most common type of malware encountered, however, in 2024, the number of publicly-disclosed ransomware attacks experienced by financial organisations dropped by as much as 28% compared to H1 2023. In second place are RATs (remote access trojans), which have seen their share triple over the past year, reaching an incident share of 34% by mid-year.
Anna Golushko, Senior Information Security Analyst at Positive Technologies, noted:”Most RATs have spyware functions that are often used by APT groups. These groups target the financial sector due to its close ties with government institutions. Cybercriminals increasingly spread malware via email: 49% of cases in H1 2023, rising to 66% in H1 2024. For instance, India’s National Bank for Agriculture and Rural Development received a phishing email concerning SWIFT transactions. The attached ZIP file contained a script of the JSOutProx remote access trojan. To fend off these types of attacks promptly and without the risk of human error, we recommend automating your security operations centres by implementing the MaxPatrol O2 autopilot, which leverages cutting-edge cybersecurity expertise.”
The number of cyberattacks involving social engineering rose to 65% in H1 2024. For comparison, they accounted for 29% in H1 2023 and for 35% in H2. One such attack was launched by Scattered Spider, a major campaign that affected dozens of U.S. organisations, including Visa, PNC, and Transamerica. Cybercriminals used lookalike domains mimicking Okta’s login pages and its content management system (CMS), then performed SIM swap attacks to gain access to confidential data.
The analysis of posts on dark web forums[2] revealed that the highest number of messages concerned attacks against organisations located in Europe (27%), Asia (24%), and North America (17%). In most postings, cybercriminals boasted about carrying out DDoS attacks (30%), as well as selling or distributing stolen databases (26%). Financial organisations in Asia (42%), the Middle East (10%), and Russia (10%) were the most frequent victims of data breaches. In 65% of cases, posts on dark web forums were related to banks, with 54% of these messages detailing DDoS attacks.
The most common consequence of cyberattacks (80%) on the financial sector was data breaches. Next came the disruption of core activities (16%), which, despite its reduced share, remained one of the most dangerous consequences for the financial sector. Moreover, in 2023–2024, the financial sector has ranked[3] second in terms of financial losses due to data breaches. Data breaches can cause irreparable damage to a company or its affiliated organisations. To strengthen your IT infrastructure against attacks, experts recommend using result-driven cybersecurity to prevent the risks that could severely impact your business. With result-driven cybersecurity, even if attackers breach your infrastructure, they won’t be able to inflict non-tolerable damage.
[1] This study sheds light on the cyberthreats financial organizations are faced with, drawing on data from analyzing successful cyberattacks recorded between the period H2 2023 to mid-2024. Organizations covered by the study include banks, insurance companies, credit institutions, payment systems, securities firms, microfinance organizations, and investment funds, among others.
[2] The experts analyzed 330 sources in various languages, including Telegram channels and dark web forums covering diverse topics with a total user base of over 180 million people. The posts covered by this study were published between the period H2 2023 to mid-2024.
[3] According to the 2024 Cost of a Data Breach Report by IBM, financial organizations faced data breach damages of 5.9 million USD in 2023 and 6.08 million USD in 2024. The financial sector ranks second among other industries, just behind healthcare.
Discussion about this post