Amid increased scrutiny of IT contractors, hackers are increasingly shifting their focus to bank branches and legacy systems. According to experts, such infrastructure elements can become more vulnerable entry points for attacks on the entire banking ecosystem.
According to RED Security SOC, banks have started to more frequently check IT companies that have direct access to banking infrastructure. In the first four months of 2026, the share of such credit organizations increased by 6 percentage points, reaching 24%.
As Vladimir Zuev, Technical Director of the RED Security SOC Cyberattack Monitoring and Response Center, explained, banks are increasingly including information security requirements in contracts and tenders, and also requesting audit results and security checks from potential partners.
But there is a limitation: a bank cannot simply check a contractor's infrastructure without their consent. Alexey Pleshkov, Deputy Head of the Information Protection Department at Gazprombank, noted that IT companies often put forward counter-conditions, making it difficult for banks to fully confirm their level of protection.
For a long time, contractors were a convenient entry point for hackers. According to experts, they are often easier to hack because they perform narrow tasks and do not always have a large budget for their own cybersecurity. Through such a company, attackers can try to get into sensitive bank systems.
According to the Solar 4RAYS Cyber Threat Research Center of GK "Solar", in 2025, the share of complex cyberattacks that began with contractor breaches quadrupled, reaching 24%.
But while attention to contractors is growing, another risk is intensifying – branches. According to RED Security SOC, the share of banks where the level of protection of regional offices remained at the level of the head office decreased by 8 percentage points – to 52%.
Experts attribute this to a shortage of personnel and lower information security maturity in branch networks. Hackers are increasingly looking for opportunities to hack the cyber infrastructure of regional offices.
Andrey Fedorets, Head of the Information Security Committee of the Association of Russian Banks, believes that the branch network is indeed maintained worse in terms of IT quality and information security, but this level, according to some experts, is generally sufficient.
A separate problem is banks' old proprietary IT systems. According to RED Security SOC, 55% of banks use only legacy in-house developed systems in their infrastructure, which are not updated and do not always meet modern cybersecurity requirements.
Such systems may contain unique functions, but along with them, unpatched vulnerabilities. Through them, attackers can penetrate the internal network, gain access to client financial data, or disrupt payment services. In 2025, fraudsters stole 29.3 billion rubles from bank accounts.
