In the Kaspersky Security Bulletin: Crimeware and financial cyberthreats in 2025 report, the company’s experts shared their view of how the financial cybersecurity landscape will evolve in 2025. One of the trends identified in the report is that, as the number of attacks using traditional banking or financial malware for PCs decreases, financial cyberthreats targeting smartphones are rising. In 2024, according to anonymised Kaspersky telemetry, the number of users affected by mobile financial threats increased two-fold (102%) globally compared to 2023. This trend is expected to continue in 2025.
In 2025, more advancements in ransomware techniques are anticipated:
- Ransomware will covertly manipulate or introduce erroneous data into databases rather than merely encrypting data. Even after the data is decrypted, this “data poisoning” technique casts doubt on the accuracy of a business’s entire dataset.
- Advanced ransomware organisations will start using post-quantum cryptography as quantum computing develops. The encryption techniques used by this “quantum proof” ransomware are designed to withstand decryption attempts from classical and quantum computers, making it nearly impossible for victims to decrypt their data.
- Ransomware-as-a-service is projected to grow: less experienced actors will be able to launch sophisticated attacks with kits as inexpensive as US$40, increasing the number of occurrences.
A surge in attacks based on stolen information is also expected in 2025. Popular stealers such as Lumma, Vidar, Redline and others will withstand the pressure from law enforcement, adapting and adopting new techniques. New players will appear and all stolen information will be used.
Other important predictions include:
- Attacks against central banks and open banking initiatives. These will be attacks on instant payment systems run by central banks and, as a result, cybercriminals may gain access to sensitive data.
- Increase in supply-chain attacks on open-source projects. Following the XZ backdoor incident, the open-source community is likely to uncover new attack attempts and backdoors that were previously implanted successfully.
- More AI and machine learning on the defence side. We will see AI increasingly adopted in cyber defence to accelerate anomaly detection, reduce analysis time through predictive capabilities, automate response actions and strengthen policies to counter emerging threats.
- Appearance of new blockchain-based threats. New blockchain protocols will emerge due to the need for a secure and private network based on blockchain and peer-to-peer technology. As a result, new malware developed using these obscure protocols will be distributed and used for various purposes.
“In 2025 and beyond, resilience against financial cyberthreats will demand robust security measures from individual users and businesses. The best defence will combine threat intelligence, predictive analytics, continuous monitoring and a zero-trust mindset to safeguard critical data and operations from sophisticated attackers. It is also important to organise regular cyber-training programmes for employees and warn them about potential cyberthreats as uninformed staff are among the most common initial attack vectors that can lead to serious financial losses for an organisation,” said Fabio Assolini, head of the Latin American unit of the Global Research and Analysis Team (GReAT) at Kaspersky.
The Kaspersky Security Bulletin is an annual series of end-of-year predictions and analytical reports on key developments within the cybersecurity landscape. Last year, most of Kaspersky experts’ predictions for the evolution of crimeware and financial cyberthreats in 2024 turned out to be true. These included an increase in AI-powered cyberattacks, a surge in fraudulent schemes targeting direct payment systems, a rise in backdoored open-source packages and more sophisticated ransomware techniques, among others.