SonicWall Research Finds Financial Services Running Overdrawn on Cyber Defenses as Attack Intensity Outpaces Every Other Tracked Industry

SonicWall Research Finds Financial Services Running Overdrawn on Cyber Defenses as Attack Intensity Outpaces Every Other Tracked Industry

PR Newswire

New Financial Services Research Documents 42 million Hits Against Legacy Infrastructure, and Ransomware Families Targeting Institutions

MILPITAS, Calif., July 8, 2026 /PRNewswire/ — SonicWall today released its 2026 Financial Services Protect Brief, a vertical-specific companion to the SonicWall 2026 Cyber Protect Report, revealing that financial services organizations face more cyberattack attempts per device than any other industry SonicWall tracks, more than double the cross-sector average, and that the sophistication and persistence of those attacks reflects a deliberate targeting calculation, not random exposure.

SonicWall

Every year, attacks look more sophisticated. In some ways they are; AI has made them faster, cleaner, and harder to spot at a glance. But the underlying methods have not changed. Attackers are still walking through the same unlocked doors. In financial services, they have simply become more deliberate about which doors they choose, focusing effort where the payoff is highest rather than casting a wide net.

“Financial services is not the most targeted vertical because attackers are indiscriminate,” said Michael Crean, SonicWall SVP of Managed Services. “It’s one of the most heavily targeted industries because the incentives are obvious. Financial institutions hold some of the world’s most valuable data, operate under intense regulatory scrutiny, and have virtually no tolerance for downtime. Many also depend on legacy infrastructure that hasn’t kept pace with today’s threat landscape. That combination doesn’t just increase risk, it draws highly organized adversaries who deliberately study these environments and exploit the weaknesses they already know are there.”

SonicWall’s Financial Services Protect Brief draws on data from SonicWall’s global network of more than one million security sensors to document the specific attack patterns, legacy vulnerabilities, and ransomware campaigns defining the financial services threat landscape in the first half of 2026.

Key Findings from the 2026 SonicWall Financial Services Protect Brief

  • Financial services saw 132,378 IPS hits per device in first half of 2026—the highest attack intensity of any industry SonicWall tracks.
  • The GoodTech Telnet Server Buffer Overflow vulnerability generated 42.2 million detection events, pointing to legacy banking and payment systems that still expose Telnet services to active exploitation.
  • Log4Shell remains a major problem, generating 35.6 million detection events more than two years after disclosure as attackers continue targeting unpatched Java-based banking and payment applications.
  • Heartbleed hasn’t disappeared either. Despite being disclosed more than a decade ago, firewalls are still detecting attempts to exploit the vulnerability.
  • Ten ransomware families were active against the sector, including REvil (Sodinokibi) and Prometheus, both known for targeting financial organizations.
  • Malware activity averaged 39,341 hits per firewall, giving financial services the second-highest per-device malware intensity of any industry, behind only healthcare.

The Architecture Problem Has a Known Solution

The vulnerabilities documented in the Financial Services Protect Brief are well understood, and the controls that address them exist. What creates the gap between known risk and resolved risk in financial services is the same as in every heavily regulated industry: legacy infrastructure that cannot be patched without business disruption, and access models built for a world in which the perimeter was a meaningful concept.

SonicWall Cloud Secure Edge addresses the architectural problem directly. Zero Trust Network Access applies verification at the application level, not the network level. A credential validates access to a specific application, not to the environment behind it. Identity and device posture are verified continuously, not just at login. A stolen credential from a phishing campaign or a credential-stuffing attack no longer unlocks the network. It unlocks a single application, with no lateral path to payment systems, transaction records, or adjacent infrastructure.

For financial institutions managing third-party vendor access, partner integrations, and remote workforce access across regulated environments, the shift from broad VPN-based access to application-level Zero Trust is not a feature upgrade. It is an architectural change that removes the conditions that make credential compromise consequential.

To learn more, visit SonicWall at www.sonicwall.com.  

About SonicWall
For more than 30 years, SonicWall has championed a partner-first model that combines purpose-built technology, cloud-delivered security services and real-time threat intelligence to help businesses prevent breaches, reduce risk and stay operational in the face of evolving modern threats. We are committed to deliver the best security outcomes for our customers where others deliver features and functions.  Through its unified cybersecurity portfolio and global community of over 17,000 partners, SonicWall enables managed service providers to actively manage, continuously optimize and measurably protect networks, cloud environments, endpoints and applications. The company is redefining cybersecurity around outcomes that matter to business leaders, including breach prevention, compliance achievement, cost efficiency and reduced human error, because protection is not about what a product can do but about what it actually delivers.

Cision View original content to download multimedia:https://www.prnewswire.com/news-releases/sonicwall-research-finds-financial-services-running-overdrawn-on-cyber-defenses-as-attack-intensity-outpaces-every-other-tracked-industry-302820310.html

SOURCE SonicWall Inc.