SecurityBrief Ireland - Technology news for CISOs & cybersecurity decision-makers
Ireland
Financial services faces most cyberattacks per device

Financial services faces most cyberattacks per device

Mon, 13th Jul 2026 (Today)
Sean Mitchell
SEAN MITCHELL Publisher

SonicWall has published research showing that financial services faces more cyberattack attempts per device than any other industry it tracks. In the first half of 2026, the sector recorded more than double the cross-industry average.

The findings come from SonicWall's Financial Services Protect Brief, based on data from a network of more than one million security sensors. The study examines attack patterns, longstanding software weaknesses and ransomware activity affecting banks, payment providers and other financial institutions.

Financial services recorded 132,378 intrusion prevention system hits per device in the first six months of the year, the highest attack intensity of any sector SonicWall monitors.

One of the most striking findings was the continued exploitation of older technology. The GoodTech Telnet Server Buffer Overflow vulnerability accounted for 42.2 million detection events, suggesting that internet-facing legacy systems are still being probed at scale.

Another longstanding flaw, Log4Shell, generated 35.6 million detection events. Although the vulnerability was disclosed more than two years ago, the figures suggest attackers are still targeting unpatched Java-based applications used in banking and payment environments.

Heartbleed, first disclosed more than a decade ago, also remains in circulation. Firewalls continue to detect attempts to exploit the vulnerability, underlining the persistence of attacks against weaknesses many organisations might have been expected to address years ago.

Legacy exposure

The report argues that the issue is not a lack of awareness, but the difficulty of fixing these vulnerabilities inside regulated organisations with ageing systems. Financial institutions often rely on infrastructure that cannot easily be patched or replaced without disrupting core business operations.

That creates a gap between known risks and practical remediation, especially in environments with strict uptime requirements and complex technology estates. In financial services, even minor changes to production systems can carry operational and compliance consequences.

Malware activity also remained heavy across the sector. Financial services averaged 39,341 malware hits per firewall, giving it the second-highest malware intensity per device of any industry tracked, behind healthcare.

Ransomware formed another part of the threat picture. SonicWall identified 10 ransomware families active against the sector, including REvil, also known as Sodinokibi, and Prometheus, both associated with attacks on financial organisations.

The report suggests attackers are choosing targets selectively rather than indiscriminately. Financial firms hold sensitive personal and commercial data, process large volumes of payments and operate under close regulatory oversight, all of which can increase pressure to restore systems quickly after an incident.

Michael Crean, Senior Vice President of Managed Services at SonicWall, said those incentives help explain the sector's appeal to attackers. "Financial services is not the most targeted vertical because attackers are indiscriminate," he said.

"It's one of the most heavily targeted industries because the incentives are obvious. Financial institutions hold some of the world's most valuable data, operate under intense regulatory scrutiny, and have virtually no tolerance for downtime. Many also depend on legacy infrastructure that hasn't kept pace with today's threat landscape. That combination doesn't just increase risk, it draws highly organized adversaries who deliberately study these environments and exploit the weaknesses they already know are there."

Access controls

Alongside the research, SonicWall argued that access architecture remains a central weakness in many financial environments. It pointed to older perimeter-based network models and broad virtual private network access as structures that can increase the damage caused by stolen credentials.

A zero-trust approach, in which users are granted access to specific applications rather than wider networks, would reduce lateral movement after a compromise, according to SonicWall. Under that model, user identity and device posture are checked continuously rather than only at sign-in.

For banks and other financial groups, this is particularly relevant in environments that include third-party suppliers, external partners and remote workers. These arrangements can widen the attack surface, especially when access rights extend beyond the systems needed for a single task.

The research adds to a broader cybersecurity pattern in which old weaknesses remain productive for attackers even as new tools, including AI-assisted methods, make campaigns faster and harder to detect. In that sense, the report points less to novel vulnerabilities than to the persistence of technical debt across one of the world's most tightly regulated industries.

SonicWall said attackers' underlying methods have not fundamentally changed, but financial services has become a more deliberate target because "attackers are still walking through the same unlocked doors."