Evolution and Nature of Cyber Attacks on Banks (1998–2025)

The financial sector has been a prime target for cybercriminals due to the high-value data and assets it manages. Over the past 27 years, cyberattacks on banks and their customers have evolved in sophistication, scale, and impact. Below is a detailed examination of this evolution, categorized by key time periods.

The evolution highlights the characteristic that this report will focus on: proactivity versus reactivity. Banks have become adept at reacting to new threats, usually following experience with an attack or intelligence from communal discussion groups between banks.

This is reflected in internal approaches, which are largely based on reaction to such intelligence, supplemented by vendor offerings, although those are not generally highly valued due to cost. Staff operate largely independently, and a primary focus is on manual workarounds to simplify personal access to servers and applications, a practice that nullifies and works counter to corporate protocols. A primary tool in this is Notepad and other text tools for password and access management. This practice is being superseded by shared password tools such as 1Password, but this evolution is sporadic at best, due to practical limitations within the tools relative to daily work.

Whatever the reasons and motivations, the evolution of cyberattacks is reactive, and usually related to phishing-induced clicks, shared passwords, or vendor back doors.

So I am starting a periodic series of reports in the blog on this topic of cyberattacks and banks/bank customers. Despite the advent of Palo Alto Networks, CrowdStrike and the like, the gaps remain.

————————

1. Late 1990s to Early 2000s: The Emergence of Cyber Threats

Nature of Threats: Early cyberattacks were largely experimental or politically motivated. Hackers sought notoriety rather than financial gain. Incidents like the “logic bomb” targeting Yahoo! in 1998 highlighted the vulnerabilities of early internet systems[9].

Banking Context: Banks were slow to digitize, relying heavily on physical records. Cybersecurity measures were basic, including simple firewalls and antivirus software[1].

Key Incidents:

• In 1999, banks began facing rudimentary phishing schemes aimed at stealing customer credentials[1].

————————

2. Mid-2000s: Monetization of Cybercrime

Rise of Organized Cybercrime: Hackers shifted focus from disruption to financial gain. Malware like Zeus and botnets such as Storm enabled large-scale theft through phishing and Distributed Denial-of-Service (DDoS) attacks[1].

Impact on Banks:

• The TJX breach in 2007 resulted in the theft of 45 million credit card details, costing $41 million in damages[1].

• Regulatory bodies began introducing cybersecurity standards as digital banking gained traction.

Techniques Used:

• Phishing became a dominant attack vector.

• Ransomware emerged but was less prevalent compared to later years[2].

————————

3. 2010–2020: Growth of Sophisticated Attacks

Advanced Persistent Threats (APTs): State-sponsored groups and organized crime syndicates targeted banks with highly sophisticated methods such as SQL injections, cross-site scripting (XSS), and local file inclusion (LFI)[5].

High-profile Incidents:

• The Bangladesh Bank heist in 2016 involved attackers exploiting SWIFT systems to steal $81 million.

• Travelex suffered a ransomware attack in 2020 that disrupted foreign currency services across major banks[4].

Regulatory Response:

• Governments introduced stringent data protection laws like GDPR (2018) and enhanced cybersecurity frameworks for financial institutions[1].

Customer Impact:

• Banking trojans like Fakecalls mimicked mobile banking apps to steal sensitive information from customers[8].

————————

4. 2021–2025: Era of Zero-Day Exploits and Ransomware

Trends:

• Ransomware attacks surged by over 67% between 2023 and 2024, with groups like LockBit targeting financial institutions globally[4].

• Zero-day vulnerabilities became a critical concern as nation-states weaponized these exploits against Western financial systems[7].

Notable Cases:

• In November 2023, LockBit exposed the data of 57,000 Bank of America customers through a third-party vendor breach[4].

• Evolve Bank & Trust suffered a breach affecting over 7.6 million customers in February 2024[4].

Evolving Tactics:

• Attackers increasingly targeted APIs, cloud environments, and supply chains rather than directly breaching banks’ systems.

• Social engineering attacks like phishing rose sharply, with finance remaining the most targeted sector[10].

Defensive Measures:

• Banks adopted AI-driven Security Operations Centers (SOCs) for real-time threat detection.

• Multi-factor authentication (MFA) and end-to-end encryption became standard practices[3].

————————

Key Attack Types Across Eras

| Attack Type | Description | Peak Usage Period |
|---|---|---|
| Phishing | Fraudulent emails or websites to steal credentials | Mid-2000s–Present |
| Malware | Malicious software such as banking trojans or ransomware | Early 2000s–Present |
| Ransomware | Extortion-based attacks locking access to critical systems | Post-2015 |
| DDoS | Overloading servers with traffic to disrupt operations | Mid-2000s–2015 |
| Zero-Day Exploits | Exploiting unknown vulnerabilities in software | Post-2020 |
| Supply Chain Attacks | Targeting third-party vendors to infiltrate primary organizations | Post-2015 |

————————

Conclusion

The evolution of cyberattacks on banks reflects broader technological advancements and shifts in criminal motives. From rudimentary phishing schemes to sophisticated zero-day exploits, attackers have consistently adapted to new technologies and defenses. Banks have responded by investing heavily in cybersecurity infrastructure and compliance measures; however, the rise of state-sponsored attacks and advanced ransomware campaigns underscores the need for continuous vigilance.

As we move forward, emerging technologies like quantum computing could further transform the threat landscape, necessitating proactive innovation in cybersecurity strategies to protect financial institutions and their customers.

————————

Sources

[1] The 21st-century evolution of cyber security | ICAEW https://www.icaew.com/insights/viewpoints-on-the-news/2023/oct-2023/the-21stcentury-evolution-of-cyber-security

[2] Types of Cyberattacks on Financial Institutions – Fortinet https://www.fortinet.com/solutions/industries/financial-services/types-of-cyberattacks-on-financial-institutions

[3] Top 10 Banking Cybersecurity Case Studies [2025] – DigitalDefynd https://digitaldefynd.com/IQ/banking-cybersecurity-case-studies/

[4] Following the Money: Banking and Cybercrime in 2025 – CybelAngel https://cybelangel.com/banking-cybercrime-2025/

[5] The 6 Biggest Cyber Threats for Financial Services in 2025 | UpGuard https://www.upguard.com/blog/biggest-cyber-threats-for-financial-services

[6] (PDF) Cybersecurity risks in online banking: A detailed review and … https://www.researchgate.net/publication/379428581_Cybersecurity_risks_in_online_banking_A_detailed_review_and_preventive_strategies_applicatio

[7] More destructive cyberattacks target financial institutions https://www.helpnetsecurity.com/2025/02/05/financial-institutions-cybersecurity-incidents/

[8] Timeline of Cyber Incidents Involving Financial Institutions https://carnegieendowment.org/features/fincyber-timeline

[9] List of security hacking incidents – Wikipedia https://en.wikipedia.org/wiki/List_of_security_hacking_incidents

[10] Must-Know Cyberattack Statistics and Trends 2025 – Embroker https://www.embroker.com/blog/cyber-attack-statistics/