Financial cyberthreats in 2025 and the outlook for 2026
Olga Altukhova, Oleg Kupreev, Polina Tretyak ·
2026-04-08 ·
Read original ↗
ATT&CK techniques detected
12 predictions
T1555.003Credentials from Web Browsers
90%
“of document names, software titles, or other accounting - related keywords in the headers of attached files. globally in the corporate segment, pure was detected 896 633 times over 2025, with over 64 thousand users attacked. contrary to pc banking malware, mobile banker attacks g…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1566.002Spearphishing Link
82%
“top 10 categories of organizations mimicked by phishing and scam pages that were blocked on home users ’ devices in europe, 2025 ( download ) attackers actively localize their tactics to maximize relevance and effectiveness. the distribution of financial phishing pages by categor…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1566.002Spearphishing Link
81%
“connected user bases. top 10 categories of organizations mimicked by phishing and scam pages that were blocked on home users ’ devices in the cis, 2025 ( download ) apac demonstrates almost equal shares of online games and banks which signifies a combined approach targeting diffe…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1566.002Spearphishing Link
78%
“phishing and scam pages, 2025 ( download ) regionally, this trend varies : netflix dominates heavily in the middle east, apple leads in apac, while spotify ranks first across europe, latam, and africa. although most of the top platforms are highly popular across different regions…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1566.002Spearphishing Link
71%
“##rency - related databases, are among the most popular. compilations aimed at specific user groups, such as the elderly or wealthy people, are also of interest to cybercriminals. usually, thematic databases contain personal information about users, such as names, phone numbers, …”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1566.002Spearphishing Link
60%
“banking lures. banking malware financial pc malware declined in prevalence but remained a persistent threat, with established families continuing to operate, while attackers increasingly prioritize credential access and indirect fraud over deploying complex banking trojans. to th…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1598.003Spearphishing Link
58%
“##rency - related databases, are among the most popular. compilations aimed at specific user groups, such as the elderly or wealthy people, are also of interest to cybercriminals. usually, thematic databases contain personal information about users, such as names, phone numbers, …”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1566.002Spearphishing Link
54%
“online store targeting ( 46. 30 % ), while apac and europe display a more even spread across all three categories, pointing to diversified attack strategies. these variations suggest that attackers are not operating uniformly but are instead adapting campaigns to regional digital…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1566.002Spearphishing Link
43%
“with web services ( 16. 15 % ), online games ( 14. 58 % ), and online stores ( 14. 17 % ) leading globally. compared to 2024, the rise of online games and the decline of social networks and banks indicate that attackers are increasingly targeting environments where users are more…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1598Phishing for Information
42%
“with web services ( 16. 15 % ), online games ( 14. 58 % ), and online stores ( 14. 17 % ) leading globally. compared to 2024, the rise of online games and the decline of social networks and banks indicate that attackers are increasingly targeting environments where users are more…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1598Phishing for Information
36%
“online store targeting ( 46. 30 % ), while apac and europe display a more even spread across all three categories, pointing to diversified attack strategies. these variations suggest that attackers are not operating uniformly but are instead adapting campaigns to regional digital…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1598Phishing for Information
35%
“##rency - related databases, are among the most popular. compilations aimed at specific user groups, such as the elderly or wealthy people, are also of interest to cybercriminals. usually, thematic databases contain personal information about users, such as names, phone numbers, …”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
In this report, Kaspersky experts share their insights into the 2025 financial threat landscape, including regional statistics and trends in phishing, PC malware, and infostealers.