Q1 Threat Landscape Report: Financial Sector

| Ransomware & Digital Extortion (R&DE)

• In Q1 2025, the financial sector was targeted in approximately three percent of European R&DE incidents, equating to at least 12 attacks. This is a slight decrease from the four percent of Q4 2024, though this is unlikely reflective of decreased intent.
• Europe-based entities accounted for approximately 14 percent of all R&DE attacks targeting the financial sector. This is slightly below targeting proportions from across the threat landscape.
• Some collectives have over targeted the sector, though the majority of their victims are based in North America.

| Malware

• LummaC2 was the most commonly-observed information stealer targeting Europe-based financial services in Q1 2025.
• Similar to other information-stealing malware, LummaC2 is operated in underground deep and dark web forums as a malware-as-a-service (MaaS), and seeks to target user credentials and cryptocurrency wallets.

| Social Engineering

Threat actors continue to evolve and harness new and novel social engineering techniques to gain initial network access.

Many organizations rely upon two-factor authentication solutions that no longer offer adequate protection against bypass methods such as open authorization abuse, MFA fatigue, or sim swapping.

The phishing-as-a-service (PhaaS) marketplace continues to professionalize, leading to more accessible and cheaper malicious kits being available to would-be threat actors.

Generative AI is enhancing the way that social engineering is conducted, both by increasing the apparent authenticity of low effort, mass phishing communications, and enhancing high effort attacks that leverage deep-fake and voice cloning technology. 

| Initial Access Brokers (IABs)

• Europe accounted for approximately 21 percent of all IAB sales that took place in Q1 2025, which is in line with the average observed throughout 2024.
• Of IAB sales that targeted Europe-based entities, approximately four percent targeted the financial sector, slightly less than the global average.
• The average value of an IAB targeting Europe-based financial organizations was approximately USD 3700, slightly higher than that of other industries and indicative of increased perceived profitability.

Scope Note: ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 09:00 AM (EST) on April 30, 2025; per cyber hygiene best practices, caution is advised when clicking on any third-party links.