
Positive Technologies identifies key cyberthreats for financial companies in 2025–2026 - Middle East Business News and Information
Positive Technologies has outlined the major cyberthreats that the financial sector may face in the coming years. These include ransomware attacks, malicious use of QR codes, exploitation of API vulnerabilities, DDoS campaigns, and attacks targeting suppliers and partners. These conclusions are based on the company's analysis of security incidents and publicly available data concerning threats to banks and other financial institutions.
The financial sector remains one of the top five most targeted industries by cybercriminals, according to Positive Technologies data for the period from 2024 to Q1 2025. In 67% of successful cyberattacks, attackers stole data and used it to blackmail victims by threatening to delete or expose the information. Another 26% of incidents caused operational disruptions, while 5% resulted in financial theft.
Social engineering was used in 57% of successful cyberattacks on financial organizations in 2024. Positive Technologies analysts predict that such incidents will continue to rise as cybercriminals leverage the generative capabilities of artificial intelligence (AI) to craft convincing phishing emails. On the defensive side, security teams are also expected to use AI to detect AI-generated malicious content.
The growing use of application programming interfaces (APIs) poses significant risks. Without adequate security measures, APIs could become an entry point for cybercriminals. This risk is exacerbated by the proliferation of shadow APIs, which often lack proper protection, and the widespread adoption of AI in the financial sector. According to a report by Wallarm, the number of vulnerable AI-enabled APIs increased tenfold in 2024.
Another key cyberthreat in 2025–2026 will be the growing number of attacks on contractors and suppliers. Cybercriminals are likely to target less secure partners to gain access to larger financial organizations. Small and medium-sized businesses may also be affected, especially if attackers fail to reach their main targets.
Roman Reznikov, Cybersecurity Research Analyst at Positive Technologies, says: 'Cybercriminals continue to exploit legitimate and widely used tools in fraudulent schemes. For example, attacks involving QR codes have become more frequent. Hackers replace legitimate QR codes with malicious ones in public spaces and bypass email security by taking advantage of the difficulty in detecting QR codes within messages. In the future, we may see malware capable of altering QR codes directly on device screens during payment. That's why it's important to be careful with QR codes and avoid scanning ones from unknown or suspicious sources. At the same time, defensive measures are evolving too. For instance, a company can protect itself from emails containing malicious QR codes by using PT Sandbox, which identifies QR codes in email images and attachments, extracts the embedded links, and checks them for malicious activity.'
The access-as-a-service market presents another serious challenge. Positive Technologies reports that nearly 9% of dark web listings for access sales are related to the financial sector. This market is expected to grow as new technologies lower the barriers to entry into cybercrime. Inexperienced attackers may sell discovered access points to more skilled cybercriminals.
Ransomware attacks are also projected to increase. Cybercriminals have begun demanding ransoms lower than the potential fines for data breaches. Analysts anticipate this tactic will become more common in countries with turnover-based fines such as Russia, Brazil, and China.
DDoS campaigns will continue to pose a significant threat to the financial sector in 2025. Hackers are expected to create massive botnets of compromised IoT devices and use AI to launch adaptive attacks that respond to victims' countermeasures.
To protect against these evolving threats, financial organizations must adopt a comprehensive cybersecurity strategy built on advanced tools, including: next-generation firewalls (NGFWs) like PT NGFW to prevent cyberattacks and enforce security policies; web application firewalls (WAFs) such as PT Application Firewall for detecting and blocking attacks, including threats from the OWASP Top 10 list; SIEM systems, including tools like MaxPatrol SIEM, to identify malicious activity across infrastructure and endpoints, integrated with EDR solutions like MaxPatrol EDR. In addition, sandboxes (such as PT Sandbox) and NTA or NDR systems (like PT NAD) should be used to protect against malware and detect hacker movement within the network.

Related Articles


Mid East Info
5 days ago
- Mid East Info
Apple thanks Positive Technologies for discovering a vulnerability in its Shortcuts app - Middle East Business News and Information
PT SWARM expert Egor Filatov found a critical vulnerability in Shortcuts, a built-in macOS app that streamlines device management by automating repetitive user actions. If successfully exploited, the security flaw could allow an attacker to gain full control over the device, including the ability to read, edit, and delete any data. If the compromised device happens to be a laptop connected to a corporate network, the attacker could also infiltrate the internal company infrastructure.
The vulnerability, tracked as BDU:2025-02497 and rated 8.6 out of 10 on the CVSS 3.0 scale, affects Shortcuts 7.0 (2607.1.3). The vendor was notified of the threat in line with the responsible disclosure policy and has already released a software patch. Users are advised to upgrade to macOS Sequoia 15.5 or later. If updating the OS is currently not possible, Positive Technologies recommends that users pay close attention to downloaded shortcuts before running them or avoid using them altogether.
The Shortcuts app was introduced with macOS Monterey back in 2021 and has been supported in macOS Ventura, Sonoma, and Sequoia versions over the past four years. With the app, users can create shortcuts to automate various tasks, such as starting a timer, playing music, or converting text to audio. Users also have access to macros that provide ready-made shortcuts. A threat actor could leverage this functionality by uploading infected templates to the library. For the security flaw to be exploited, it would be enough for the victim to inadvertently run a malicious macro on their device.
'An attacker could exploit this vulnerability to target any Shortcuts user,' said Egor Filatov, Junior Mobile Application Security Researcher at Positive Technologies. 'Before remediation, the vulnerability allowed an attacker to bypass macOS security mechanisms and execute arbitrary code on the victim's system.'
According to the expert, the potential consequences of successful attacks include the following:
- Theft of confidential data or deletion of valuable information
- Malware execution
- Installation of backdoors aimed at maintaining access to the system even after vulnerability patching
- Ransomware infection
- Disruption to the organization's business processes (if a corporate device is compromised)
Positive Technologies experts have been studying Apple products for over a decade. In 2018, Maxim Goryachy and Mark Ermolov, while looking for security flaws in Intel Management Engine, found a firmware vulnerability (CVE-2018-4251) affecting personal computers made by Apple and other manufacturers. In 2017, Timur Yunusov warned the community about multiple security gaps he discovered in Apple Pay: by exploiting the vulnerabilities, attackers could compromise users' bank cards and make unauthorized payments on external resources. Before that, another Positive Technologies researcher found and helped eliminate a critical vulnerability in the website, which could allow an adversary to conduct a directory traversal attack and gain access to private data.
In addition to the macOS version of Shortcuts, there is also an iOS version of the app for mobile devices. To prevent threat actors from infiltrating the corporate network via vulnerable mobile apps, companies should protect their apps against reverse engineering. This can be done with solutions such as PT MAZE, which turns the application into an impenetrable maze, making attacks too resource-intensive for adversaries.
Positive Technologies is an industry leader in result-driven cybersecurity and a major global provider of information security solutions. Our mission is to safeguard businesses and entire industries against cyberattacks and non-tolerable damage. Positive Technologies is the first and only cybersecurity company in Russia on the Moscow Exchange (MOEX: POSI), with 220,000 shareholders and counting.


Mid East Info
17-06-2025
- Mid East Info
Positive Technologies identifies key cyberthreats for financial companies in 2025–2026 - Middle East Business News and Information


Mid East Info
25-03-2025
- Mid East Info
Positive Technologies helps fix a vulnerability in Veeam Service Provider Console - Middle East Business News and Information
The server-side request forgery (SSRF) vulnerability could be used for attacks on internal corporate networks
Backup solutions vendor Veeam Software eliminated a vulnerability in Veeam Service Provider Console, a management platform used by backup and disaster recovery service providers. The security flaw CVE-2024-45206 (BDU:2024-1170) was discovered by PT SWARM expert Nikita Petrov. The vendor was notified of the threat in line with the responsible disclosure policy and has already released a software patch.
The SSRF vulnerability, rated 6.5 on the CVSS 3.0 scale, affected versions 7.x through 8.0.x. When exploited, this vulnerability could hypothetically expose companies to attacks on internal networks, since it allowed an attacker to send arbitrary HTTP requests to external or internal resources on behalf of the server. To address the vulnerability, users should promptly update to Veeam Service Provider Console version 8.1.0.21377 or later.
According to the vendor, Veeam solutions are used by more than 550,000 customers from different countries, including 74% of Forbes Global 2000 companies. According to publicly available search engines, the list of the most active users of Veeam products is headed by the United States, Germany, and France, while UAE ranks 32nd. Veeam has the largest market share among global data replication and protection software vendors and has been named a leader in Gartner's Magic Quadrant for Enterprise Backup and Recovery Software Solutions report for eight years in a row.
Veeam Service Provider Console could potentially be attacked directly from the web. As of January 2025, open-source data indicated that there were 2587 vulnerable systems worldwide. The majority of installations are in the United States (26%), Türkiye (20%), Germany and Great Britain (6% each), Canada and France (5% each).
'Before the patch was released, the vulnerability primarily posed a risk to large enterprise segment companies—the main users of Veeam Service Provider Console,' said Nikita Petrov, a Senior Penetration Testing Specialist in the Security Analysis Department, Positive Technologies. 'Attackers could initiate a request from the server to a resource that is not accessible from the outside and gain the ability to interact with it. This would allow them to obtain information about the victim's network infrastructure and thus simplify the implementation and subsequent development of attacks. For example, one possible consequence of the penetration could be the exploitation of vulnerabilities present in internal systems.'
This is not the first vulnerability in Veeam Software products that Positive Technologies experts have helped to fix. In 2022, Nikita Petrov discovered two security flaws at once in Veeam Backup & Replication, a popular backup system for automating backup and disaster recovery. Another flaw was discovered in Veeam Agent for Microsoft Windows, a Windows data backup software.
To block attempts to exploit SSRF vulnerabilities, Positive Technologies recommends using advanced security solutions, including web application firewalls like PT Application Firewall (also available in the cloud version: PT Cloud Application Firewall). A firewall allows you to protect applications without making changes to them when a company is unable to install a patch released by the vendor. To detect vulnerabilities of this type during software development, you should use a static code analyzer like PT Application Inspector. In addition, NTA solutions, such as PT Network Attack Discovery (PT NAD), and network traffic analysis tools, like PT NGFW, will help you promptly detect attempts to exploit vulnerabilities within your company's network perimeter. NGFWs go beyond merely detecting exploitation attempts; they prevent them by using an IPS module.
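The defensive counterpart to the SSRF behaviour described above, as an added example that is not part of the original article and is not Veeam or Positive Technologies code: a destination check a server-side HTTP client can apply before fetching a user-influenced URL. The hostnames, addresses and the `resolve` callback are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def check_outbound_url(url, resolve):
    """Decide whether a server-side fetch of `url` may proceed.

    `resolve` maps a hostname to a list of IP strings. Returns (allowed, reason).
    """
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        addrs = [ipaddress.ip_address(host)]  # literal IP in the URL
    except ValueError:
        addrs = [ipaddress.ip_address(a) for a in resolve(host)]
    if not addrs:
        return False, "host does not resolve"
    for addr in addrs:
        # Unwrap IPv4-mapped IPv6 so ::ffff:127.0.0.1 is judged as 127.0.0.1.
        addr = getattr(addr, "ipv4_mapped", None) or addr
        # is_global is False for loopback, RFC 1918, link-local, CGNAT, etc.
        if not addr.is_global:
            return False, f"{addr} is not a public address"
    # The caller must connect to the vetted addresses (not re-resolve) and
    # re-run this check on every redirect target.
    return True, "ok"

def audit(urls, resolve):
    """Return the (url, reason) pairs that would be refused."""
    return [(u, why) for u in urls
            for ok, why in [check_outbound_url(u, resolve)] if not ok]

# Constructed DNS answers and URLs for the demo (not from any real deployment).
SAMPLE_DNS = {
    "updates.vendor.example": ["93.184.216.34"],
    "intranet.corp.example": ["10.20.0.15"],
    "mixed.example": ["93.184.216.34", "127.0.0.1"],  # one internal answer
}
SAMPLE_URLS = [
    "https://updates.vendor.example/feed.xml",   # public: allowed
    "http://intranet.corp.example/admin",        # private range
    "http://169.254.10.10/status",               # link-local literal
    "http://[::ffff:127.0.0.1]:8080/",           # IPv4-mapped loopback
    "ftp://updates.vendor.example/file",         # non-HTTP scheme
    "http://mixed.example/",                     # any internal answer refuses
]

def sample_resolve(host):
    return SAMPLE_DNS.get(host, [])

if __name__ == "__main__":
    for url, reason in audit(SAMPLE_URLS, sample_resolve):
        print(f"REFUSED {url}: {reason}")
```

The check only holds if the HTTP client then connects to the exact addresses that were vetted; resolving the name a second time at connect time reopens the gap.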