SonicWall Research Finds Financial Services Running Overdrawn on Cyber Defenses as Attack Intensity Outpaces Every Other Tracked Industry

New Financial Services Research Documents 42 million Hits Against Legacy Infrastructure, and Ransomware Families Targeting Institutions 

MILPITAS, Calif. — July 8, 2026 — SonicWall today released its 2026 Financial Services Protect Brief, a vertical-specific companion to the SonicWall 2026 Cyber Protect Report, revealing that financial services organizations face more cyberattack attempts per device than any other industry SonicWall tracks, more than double the cross-sector average, and that the sophistication and persistence of those attacks reflects a deliberate targeting calculation, not random exposure.

Every year, attacks look more sophisticated. In some ways they are; AI has made them faster, cleaner, and harder to spot at a glance. But the underlying methods have not changed. Attackers are still walking through the same unlocked doors. In financial services, they have simply become more deliberate about which doors they choose, focusing effort where the payoff is highest rather than casting a wide net.

"Financial services is not the most targeted vertical because attackers are indiscriminate," said Michael Crean, SonicWall SVP of Managed Services. "It's one of the most heavily targeted industries because the incentives are obvious. Financial institutions hold some of the world's most valuable data, operate under intense regulatory scrutiny, and have virtually no tolerance for downtime. Many also depend on legacy infrastructure that hasn't kept pace with today's threat landscape. That combination doesn't just increase risk, it draws highly organized adversaries who deliberately study these environments and exploit the weaknesses they already know are there.”

SonicWall's Financial Services Protect Brief draws on data from SonicWall's global network of more than one million security sensors to document the specific attack patterns, legacy vulnerabilities, and ransomware campaigns defining the financial services threat landscape in the first half of 2026.

Key Findings from the 2026 SonicWall Financial Services Protect Brief

  • Financial services saw 132,378 IPS hits per device in first half of 2026—the highest attack intensity of any industry SonicWall tracks.
  • The GoodTech Telnet Server Buffer Overflow vulnerability generated 42.2 million detection events, pointing to legacy banking and payment systems that still expose Telnet services to active exploitation.
  • Log4Shell remains a major problem, generating 35.6 million detection events more than two years after disclosure as attackers continue targeting unpatched Java-based banking and payment applications.
  • Heartbleed hasn't disappeared either. Despite being disclosed more than a decade ago, firewalls are still detecting attempts to exploit the vulnerability.
  • Ten ransomware families were active against the sector, including REvil (Sodinokibi) and Prometheus, both known for targeting financial organizations.
  • Malware activity averaged 39,341 hits per firewall, giving financial services the second-highest per-device malware intensity of any industry, behind only healthcare.

The Architecture Problem Has a Known Solution
The vulnerabilities documented in the Financial Services Protect Brief are well understood, and the controls that address them exist. What creates the gap between known risk and resolved risk in financial services is the same as in every heavily regulated industry: legacy infrastructure that cannot be patched without business disruption, and access models built for a world in which the perimeter was a meaningful concept.

SonicWall Cloud Secure Edge addresses the architectural problem directly. Zero Trust Network Access applies verification at the application level, not the network level. A credential validates access to a specific application, not to the environment behind it. Identity and device posture are verified continuously, not just at login. A stolen credential from a phishing campaign or a credential-stuffing attack no longer unlocks the network. It unlocks a single application, with no lateral path to payment systems, transaction records, or adjacent infrastructure.

For financial institutions managing third-party vendor access, partner integrations, and remote workforce access across regulated environments, the shift from broad VPN-based access to application-level Zero Trust is not a feature upgrade. It is an architectural change that removes the conditions that make credential compromise consequential.

To learn more, visit SonicWall at www.sonicwall.com.  

About SonicWall
For more than 30 years, SonicWall has championed a partner-first model that combines purpose-built technology, cloud-delivered security services and real-time threat intelligence to help businesses prevent breaches, reduce risk and stay operational in the face of evolving modern threats. We are committed to deliver the best security outcomes for our customers where others deliver features and functions.  Through its unified cybersecurity portfolio and global community of over 17,000 partners, SonicWall enables managed service providers to actively manage, continuously optimize and measurably protect networks, cloud environments, endpoints and applications. The company is redefining cybersecurity around outcomes that matter to business leaders, including breach prevention, compliance achievement, cost efficiency and reduced human error, because protection is not about what a product can do but about what it actually delivers.

Latest Stories

  • SonicWall、新しいNSv XS仮想ファイアウォールでGen 8プラットフォームをクラウドに拡張し、ワークロードが実行されるあらゆる場所でMSPとMSSPがマネージドセキュリティを提供できるように支援
    カリフォルニア州ミルピタス — 2026年5月12日 — SonicWallは本日、Gen 8 NSv XSの提供を発表しました。Gen 8 NSv XSは、小規模環境や分散環境にマネージドセキュリティを提供するMSPやMSSP専用に設計されたサブスクリプションベースの仮想ファイアウォールです。パートナーは、これまで物理的な境界に提供してきたGen 8による保護を、継続的収益を考慮した価格帯で仮想...
    Read More
  • SonicWall、年次調査を中小企業の保護の成果を軸に再構築――2026年版サイバー保護レポートで「七つの大罪」を明らかに
    カリフォルニア州ミルピタス —2026年3月31日 — SonicWallは本日、2026年版SonicWallサイバー保護レポートのリリースを発表しました。本レポートは、従来の脅威レポートから、ビジネスリーダーにとって非常に重要な事項である保護の成果を重視する内容へと大きく転換するものです。レポートの中心となっているのは、真剣な対応が求められる調査結果です。ほとんど...
    Read More
  • SonicWall、SecureFirstパートナープログラムを更新し、パートナーの成長と収益性を促進する新たなイネーブルメント施策を提供
    カリフォルニア州ミルピタス — 2026年3月12日 — SonicWallは本日、SecureFirstパートナープログラムに対する重要な更新を発表しました。この更新は、新たなイネーブメント施策を導入し、パートナーが運用の複雑さや人員の増加を伴うことなく、予測可能な成長を促進し、継続的な収益を拡大し、より強力なサイバーセキュリティの成果を顧客に提供できるよ...
    Read More