With 211 attacks the sector Financewhich includes financial companies, banking institutions and cryptocurrency platforms, is among the realities most affected by computer attacks in the first quarter of 2025. This is what emerges from the “Thret Intelligence Report” ofCybersecurity Observatory of Expriviabased on the analysis of 179 open sources, including sites of affected companies, web portals of national interest, online printing agencies, blogs and social media. According to the report, in the first quarter of 2025 a third of the cases have occurred during the entire previous year, i.e. 862 phenomena including attacks, accidents and violations of privacy (+54% Compared to the first quarter 2024): specifically, they are 630 attacks, 217 accidents, that is, well -ended attacks, and 15 privacy violations. The report notes that the 40% of cybercrime accidents was conducted through techniques of Artificial intelligencewhich is confirmed as a key tool for modern IT attacks.
Nitrogen, the ransomware that the finance likes
Among the emerging threats in the panorama of the ransomware figure Nitrogen. Officially entered the panorama of threats on 30 September 2024 Nitrogen – as reported by Cybersecurity 360 – started a focus on finance. Between the month of September and the month of November 2024, the Nitrogen group hit the infrastructures of the SRP Federal Credit Union, the Financial Cooperative of the Carolina of the South, cheering 650 GB of data about approximately 240 thousand customers. “After encrypting the Nitrogen files – explains Cybersecurity 360 – releases a redemption note with the instructions to follow within 3 days for redeemunder penalty of publication of exfiltral data. As a vector of infection
Nitrogen exploits malvertising campaigns on search engines and directs users towards fraudulent sites that offer malicious versions of legitimate software. Once the compromised software is installed, the ransomware is activated by encrypting the data and establishing a persistent presence in the system “.
The most affected sectors
Between January and March, the podium of the Software/hardware sectors more affectedwhich includes ICT companies, digital services, e-commerce platforms, devices and operating systems, with 226 cases, and the Finance sector. Rises to third place with 115 attacks on retail sectoror commercial activities that provide consumer goods and services, through physical or virtual stores, due to the high number of online transactions and the daily management of sensitive data. Following, the public administration, with 107 cases, increased compared to the same period of 2024 (68 cases).
Types of attack
In the first three months, the Malware attacksor harmful software that compromise or interrupt the use of devices, remain the main type of attack With 394 cases, equal to about 46% of the total. In particular, malware are the type of attack that is most frequently found in threats directed to the financial sector. Albeit slightly decreasing, the Phishing and social engineering techniquesor the online or email adaptation of unaware users, record 281 phenomena. To follow, with 116 cases and an exponential increase of about 200% compared to the same quarter of 2024, the DDOS type attackswhich cause the interruption of service to the detriment of critical infrastructures, public administrations, banks and other Italian bodies. This peak, on the basis of what emerges from the Exprivia report, is mainly linked to the offensive ideological and political activists whose frequency has significantly increased.
The objectives of the hackers
For the most part, hackers techniques aim for data theft – 70% of cases out of 862 recorded in the first quarter 2025 – which confirm the most coveted resource. Personal, financial or owners information – such as password, software codes, algorithms or processes – They are illegally subtracted and transferred, often through phishing and malware campaigns. The reasons behind these attacks include industrial espionage, sabotage and sale of data on the black market. Following, among the main damage caused by cyber criminals, figure the interruption of service – or the blocking of networks, applications or software that in most cases put at risk essential services for the company – with 117 cases increasing compared to the 44 cases recorded in the same period of the previous year. With 100 cases (over 11% of the phenomena) it remains stable in the ranking on redemption of money.
