Financial services sector faces highest cyberattack intensity across industries: Sonicwall report

Financial services organisations experienced the highest volume of cyberattack attempts per device among all industries tracked by SonicWall during the first half of 2026, according to the company’s latest Financial Services Protect Brief.

The report, which supplements SonicWall’s 2026 Cyber Protect Report, found that the sector recorded an average of 132,378 intrusion prevention system (IPS) hits per device, more than double the cross-industry average. The findings are based on telemetry collected from SonicWall’s global network of more than one million security sensors.

According to the report, financial institutions continue to face sustained attacks targeting long-known vulnerabilities and legacy infrastructure. The GoodTech Telnet Server Buffer Overflow vulnerability generated 42.2 million detection events during the reporting period, suggesting that legacy banking and payment systems exposing Telnet services remain active targets.

The report also found that Log4Shell continues to be widely exploited, generating 35.6 million detection events more than two years after the vulnerability was disclosed. SonicWall said attackers continue to target unpatched Java-based banking and payment applications. Exploitation attempts involving the Heartbleed vulnerability, first disclosed in 2014, were also detected, indicating that outdated systems remain exposed.

Ransomware activity remained persistent, with ten ransomware families observed targeting financial services organisations during the first half of the year. These included REvil (Sodinokibi) and Prometheus, both of which have previously targeted the sector. Financial services also recorded an average of 39,341 malware detections per firewall, making it the second-most targeted industry for malware activity after healthcare.

Commenting on the findings, Michael Crean, Senior Vice President of Managed Services at SonicWall, said financial institutions continue to attract organised cybercriminal groups because they manage high-value data, operate under strict regulatory requirements and often rely on legacy infrastructure that is difficult to modernise without disrupting business operations.

The report also highlights the security challenges posed by legacy systems and traditional network access models. SonicWall said many of the vulnerabilities identified are well understood and can be mitigated using existing security controls, but implementation is often constrained by operational and regulatory requirements. The company recommends adopting Zero Trust Network Access (ZTNA) architectures to limit lateral movement within networks and reduce the impact of compromised credentials, particularly for organisations managing remote users and third-party access.

reportsecuritySonicWALL
Comments (0)
Add Comment