Attacks on Financial Institutions Increase by 13%

February 5, 2025

A recent report from Contrast Security reveals that cyber attacks on financial institutions have seen a significant surge in destructive attacks. The report indicates that over half, specifically 54%, of global financial institutions experienced cyber attacks in which data was destroyed by adversaries. This number represents a notable 12.5% increase from the previous year. Interestingly, the report highlights that threat actors are not just destroying data for the sake of sabotage or service disruption but are utilizing these destructive attacks to cover their tracks.

The Modern Bank Heists Report 2025 from Contrast Security emphasized that cybercriminals in the financial sector often employ destructive attacks to burn evidence as part of a counter-incident response. Destructive malware variants are designed to disrupt or degrade victim systems through actions like encrypting files, deleting data, destroying hard drives, terminating connections, or executing malicious code.

Furthermore, the report pointed out that two-thirds, equivalent to 64%, of respondents admitted that their institution had encountered cyber incidents in the past year. Although 94% of them claimed to have successfully detected and responded to these attacks, a concerning finding was that 46 “impactful” attacks per month managed to bypass web application firewalls (WAFs).

Cloud environments and APIs emerged as the most common attack vectors, with 71% of respondents expressing that zero-day threats are a major concern in safeguarding apps and APIs. Apart from destroying data, adversaries are also looking to steal and monetize it. About two-thirds of respondents mentioned that they had observed threat actors trying to steal non-public market information that could be used for purposes like insider trading and “shoxing.”

Additionally, the report highlighted that 48% of respondents experienced an increase in customer account takeovers in 2024, while 43% fell victim to “island hopping” attacks, where threat actors use unauthorized access within a bank to target customers and partners. Tom Kellermann, Contrast Security’s cybersecurity advisor, emphasized that as tactics and motives evolve, financial institutions need to enhance their protection mechanisms. He stressed the importance of continuous monitoring of the application layer for behavioral anomalies, recommending the implementation of application defense and response (ADR) to block attacks in production and detect vulnerabilities in apps and APIs.