Today’s special episode presents our comprehensive threat intelligence report on the cyber threat landscape facing the financial sector in 2025-2026.
We open with an unprecedented supply chain crisis: SecurityScorecard data reveals that 97% of major U.S. banks and 100% of European financial groups suffered at least one security breach via third-party suppliers in 2024. This systemic vulnerability is exemplified by the November 2025 SitusAMC compromise, where attackers exfiltrated confidential data from multiple banking clients through this real estate services provider.
Kaspersky Security Bulletin 2025 reports that 12.8% of B2B financial organizations faced ransomware attacks over twelve months, with detection systems blocking 1.33 million banking Trojan attacks. The emergence of “indirect ransomware” through compromised partners represents a fundamental shift in attack methodology, allowing criminals to bypass reinforced perimeter defenses.
The Record documents the geopolitical dimension with the December 2025 DDoS attack against La Poste and La Banque Postale. The pro-Russian hacktivist group NoName057(16) claimed responsibility, though attribution remains unconfirmed. ENISA data confirms these groups concentrated 69% of their attacks against the European banking subsector, targeting Italy, Spain, and France.
ENISA identifies North Korean APT group Lazarus as the primary state-aligned threat to EU financial institutions, with the group’s track record including the $81 million Bangladesh Central Bank SWIFT heist and over $1 billion stolen from cryptocurrency exchanges since 2018.
Looking ahead to 2026, the report anticipates increased attack sophistication via AI-powered malware capable of adaptive behavior, expansion of emerging financial technology attack surfaces including NFC payments and open banking APIs, and continued professionalization of financial cybercrime through specialized access broker marketplaces.
The European Union’s DORA regulation, implemented in 2025, addresses third-party supplier risks but does not constitute operational immunity, as demonstrated by the SolarWinds and MOVEit compromises affecting certified organizations.
Sources:
Sectoral Reports and Threat Analyses:
Kaspersky Security Bulletin 2025 – Financial Sector: https://www.kaspersky.com/about/press-releases/2025_kaspersky-financial-sector-faced-ai-blockchain-and-organized-crime-threats-in-2025
ENISA Threat Landscape 2025 – Finance Sector: https://www.enisa.europa.eu/publications/enisa-threat-landscape-2025
FS-ISAC – Navigating Cyber 2025: https://www.fsisac.com/knowledge/annual-navigating-cyber-2025-report
KnowBe4 – Financial Sector Threats: The Shifting Landscape: https://www.knowbe4.com/hubfs/Financial-Sector-Threats-The-Shifting-Landscape.pdf
Documented Incidents and Compromises:
Cybersecurity Dive – SitusAMC Banking Vendor Breach: https://www.cybersecuritydive.com/news/hackers-steal-sensitive-data-major-banking-industry-vendor-situsamc/
The Record (Recorded Future) – NoName057(16) Attack on La Poste: https://therecord.media/pro-russian-hackers-claim-attack-french-postal-service-la-poste
American Banker – Marquis Breach (Carter Pape): https://www.muckrack.com/carter-pape/articles
Attribution and State Threat Actors:
Security Affairs – France Links APT28 to Government Attacks: https://securityaffairs.com/171234/apt/france-links-russian-apt28-attacks.html
Compliance and Regulation:
RESCO Courtage – Complete DORA Guide 2025: https://www.resco-courtage.com/dora-reglementation-guide-complet-2025
L’Usine Digitale – 2025 Cyberattacks and Lessons Learned: https://www.usine-digitale.fr/article/les-cyberattaques-qui-ont-marque-l-annee-2025-et-les-lecons-a-en-tirer.html
Don’t think, patch!
Your feedback is welcome.
Email: radiocsirt@gmail.com
Website: https://www.radiocsirt.com
Weekly Newsletter: https://radiocsirtenglishedition.substack.com/