DEFENSESTORM BLOG
Wednesday, May 27th, 2026

The DefenseStorm Cyber Threat Surveillance (CTS) Operations team monitors financial institutions 24/7/365, acting as a collaborative extension of each institution’s security staff. CTS Ops analysts engage directly with our clients on potential and realized cases, giving them deep insight into the attacks impacting the financial industry vertical.
That operational visibility is why this report exists. When you monitor banks and credit unions around the clock, you see what is actually happening in the vertical.
The first half of 2026 has been busy. Real incidents and real lessons for the institutions we protect.
Three threat categories defined the first half of 2026 for our clients: a social engineering technique called ClickFix that bypasses traditional controls entirely and is mutating fast, a relentless volume of business email compromise (BEC) attacks, and an uptick in insider threat activity that, while rare, carries disproportionate damage potential.
ClickFix is a social engineering technique where users are tricked into copying and pasting a command into their own machine. The lure is usually a fake error message, a CAPTCHA prompt, or a browser “fix” instruction that looks routine. The user believes they are following a safety step. They are, in fact, executing the attack themselves.
This is not a vulnerability exploit. There is no malicious attachment. There is no link to click. The user becomes the execution engine, and most endpoint protection tools do not flag user-initiated commands the same way they flag unsigned executables or malicious downloads.
ClickFix attacks surged 517% in the first half of 2025. By early 2026, Recorded Future assessed that ClickFix will very likely remain the dominant initial access vector throughout the year. They were right. We are seeing a large and steady volume of ClickFix attacks across our monitored client base.
What makes ClickFix particularly dangerous is how fast the technique is evolving. The original ClickFix lure used the Windows Run dialog. Since then, the security community has tracked named variants including FileFix (targeting File Explorer’s address bar), CrashFix (crashing the browser to trigger a fake security warning), GlitchFix, JackFix, and ConsentFix. Newer variants use DNS TXT records to stage payloads through nslookup commands, replacing the typical PowerShell download chain entirely. One April 2026 variant targets macOS using the applescript:// URL scheme to bypass Terminal and open Script Editor with a pre-loaded malicious script. If any of that was Greek to you, the point is this: the tactic is incredibly versatile and is being adapted and altered quickly by malicious actors.
The payloads delivered through ClickFix range from credential stealers to remote access tools to ransomware loaders. The operator pool is just as broad. This is not a technique owned by one criminal group. It has been adopted by financially motivated cybercriminals, ransomware affiliates, and nation-state actors alike. When that many different threat actors converge on a single technique, it tells you the technique works.
In late April 2026, our CTS Ops team identified and analyzed a new ClickFix variant on a monitored endpoint. This one was different from the traditional ClickFix attacks we had been seeing. The malicious software was disguised inside a legitimate-looking software package delivered through Dropbox, and it was written in a way specifically designed to avoid detection. It almost worked. At the time of analysis, not a single commercial antivirus engine flagged either of the two malicious files. The attackers invested heavily in making this variant invisible to conventional security tools.
The variant connected back to infrastructure linked to a known threat campaign called KongTuke, tracked by researchers since early 2026. The malware was designed to dig in and survive reboots, establishing multiple footholds on the compromised machine to ensure it could maintain access over time.
Had it not been stopped, everything about this variant pointed toward ransomware deployment. The malware’s first action was to map the environment: who is logged in, what privileges do they have, how many machines are on the network, what is running, and what is connected. That is a textbook reconnaissance step before ransomware is deployed across an organization. The Halcyon Ransomware Operations Center confirmed the pattern, reporting a surge in ClickFix-to-ransomware activity in March and April 2026 across multiple ransomware groups. ClickFix is no longer just a technique for stealing credentials. It is becoming a preferred front door for ransomware.
Why this matters more at a financial institution than anywhere else: the lateral movement target list is different. When ClickFix lands on an endpoint at a SaaS company, the worst case is data theft and ransomware on the corporate network. When it lands on an endpoint at a bank or credit union, the next-hop targets include the wire room, the ACH origination system, the core processor, and the loan platform. Same technique, categorically worse outcome. The reconnaissance step we observed in the KongTuke variant (mapping logged-in users, privileges, network topology, and connected systems) is the attacker’s first move toward those high-value targets. The window to detect and contain ClickFix at an FI is shorter because the cost of missing it is higher.
Traditional email security does not stop this. There is no attachment, no URL, no file to scan. The payload arrives through user action in a browser or messaging context.
Endpoint detection depends on behavioral analysis, not signatures. Both payloads in the variant we analyzed were invisible to signature-based engines. If your endpoint strategy relies on known-bad detection, ClickFix will walk past it.
User awareness training must evolve. The standard “don’t click suspicious links” message does not cover a scenario where the user is pasting a command they believe is a fix. Training must address the specific ClickFix lure patterns, and that training needs to be updated as fast as the variants do.
Segment the systems that move money. ClickFix reaches the wire room through lateral movement, not direct attack. Network segmentation between general endpoints and money-movement systems, paired with privileged access management for the people who operate them, makes the worst-case scenario much harder to reach.
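The behavioral point above (user-initiated commands slip past signature engines) can be turned into a concrete endpoint rule. What follows is an added example, not DefenseStorm tooling or the KongTuke sample: the process-creation events are constructed, the field names (parent, image, cmdline, user) are an assumed schema rather than any vendor’s, and the marker weights are assumptions. It keys on the two things the post describes: a command launched from the user’s own context (the Run dialog and the File Explorer address bar both spawn from explorer.exe) whose command line carries an encoded, hidden-window, download-cradle or DNS TXT staging marker.

```python
"""Triage process-creation telemetry for ClickFix-style launches.

Added example, not DefenseStorm tooling. Events are constructed; the schema
(parent, image, cmdline, user) and the marker weights are assumptions.
"""
import re

# Interpreters and built-in tools a pasted ClickFix command typically starts with.
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe",
                "wscript.exe", "cscript.exe", "nslookup.exe", "curl.exe"}
# A parent of explorer.exe is what a user-typed command looks like in telemetry
# (Run dialog and Explorer address bar), as opposed to a service or scheduled task.
USER_LAUNCH_PARENTS = {"explorer.exe"}

# (pattern, reason, weight). Weights are assumptions for this example.
MARKERS = [
    (re.compile(r"-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}", re.I), "encoded command", 3),
    (re.compile(r"\b(iex|invoke-expression)\b", re.I), "in-memory invoke", 3),
    (re.compile(r"downloadstring|invoke-webrequest|\biwr\b|net\.webclient", re.I), "download cradle", 2),
    (re.compile(r"-w(indowstyle)?\s+hidden", re.I), "hidden window", 2),
    (re.compile(r"nslookup.*(-q(uery)?=txt|-type=txt)", re.I), "DNS TXT staging", 3),
    (re.compile(r"mshta\.exe\s+https?://", re.I), "mshta remote content", 3),
]
ALERT_THRESHOLD = 3


def score_event(ev):
    """Return (score, reasons) for one event; (0, []) unless it is a user-launched interpreter."""
    if ev["parent"].lower() not in USER_LAUNCH_PARENTS or ev["image"].lower() not in INTERPRETERS:
        return 0, []
    score, reasons = 0, []
    for pattern, reason, weight in MARKERS:
        if pattern.search(ev["cmdline"]):
            score += weight
            reasons.append(reason)
    return score, reasons


def triage(events, threshold=ALERT_THRESHOLD):
    """Return alerts for events that look like a user executed a staged payload."""
    alerts = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            alerts.append({"id": ev["id"], "user": ev["user"], "score": score, "reasons": reasons})
    return alerts


# Constructed sample telemetry (not real captures).
SAMPLE_EVENTS = [
    {"id": 1, "parent": "explorer.exe", "image": "powershell.exe", "user": "bank\\tsmith",
     "cmdline": "powershell.exe -w hidden -enc QQBBAEEAQQBBAEEAQQBBAEEAQQA="},
    {"id": 2, "parent": "explorer.exe", "image": "nslookup.exe", "user": "bank\\hlee",
     "cmdline": "nslookup -q=txt stage.example.invalid"},
    {"id": 3, "parent": "explorer.exe", "image": "powershell.exe", "user": "bank\\admin1",
     "cmdline": "powershell.exe -NoProfile -File C:\\scripts\\backup.ps1"},  # benign admin script
    {"id": 4, "parent": "services.exe", "image": "powershell.exe", "user": "NT AUTHORITY\\SYSTEM",
     "cmdline": "powershell.exe -enc QQBBAEEAQQBBAEEAQQBBAEEAQQA="},  # scheduled task: a different rule's job
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

Event 3 is why the parent check alone is not enough: administrators launch PowerShell from Explorer all day, so the rule only fires when the command line also carries a staging marker. Event 4 is deliberately out of scope; encoded commands from services belong to a separate scheduled-task rule.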
BEC is not new. It is also not slowing down. For our clients, BEC attempts have been a steady and heavy flow throughout the first half of 2026.
For a bank or credit union, BEC is not a corporate email problem. It is a fraud problem with a cyber entry point. A fraudulent wire that leaves your institution creates legal exposure, a SAR filing obligation, customer harm, and a reputational event in a single transaction. FFIEC expects cyber controls and fraud controls to connect. The IT Handbook treats an institution’s fraud prevention program and information security program as part of the same risk picture, not two parallel disciplines. If your BEC detection lives only in IT and never touches the BSA officer, you have a coverage gap that an examiner will eventually find.
The FBI’s IC3 2025 Annual Report puts BEC at $3.05 billion in reported losses from just 24,768 complaints. That works out to roughly $123,000 per incident on average. BEC accounted for about 2.5% of complaints but nearly 15% of all reported financial losses, making it the most financially destructive enterprise-targeted cyber threat in the United States. And those are only the reported incidents.
Total IC3 losses in 2025 reached $20.877 billion, a 26% increase from 2024. Within that context, 86% of BEC losses were transmitted via wire transfer or ACH, fast-moving and often unrecoverable by the time fraud is detected.
Vendor email compromise (VEC) now accounts for more than 60% of all BEC attacks. The attacker compromises a trusted vendor’s email account and sends fraudulent payment instructions from a legitimate address. Standard sender reputation checks pass. The email comes from a real account at a real company the institution already does business with.
AI is accelerating the threat. In 2025, businesses reported over $30 million in BEC losses with a confirmed AI nexus. AI-generated deepfake audio and video are being used for impersonation in callback verification. AI can spoof entire email threads, creating convincing forgeries of prior conversations. The callback verification step that many institutions rely on is becoming less effective against this.
68% of bankers surveyed by the American Banker responded that fraud schemes in the payments industry are going to get more sophisticated. That tracks with what we see every day.
The institutions that fare best against BEC have layered controls that do not depend on any single verification step:
The thread through these controls is the same: BEC gets detected upstream by cyber telemetry (auth failures, mailbox rule changes, anomalous logins) and downstream by fraud signals (payment pattern deviations, beneficiary changes, payee history). The institutions that catch it early treat those as one workflow, not two. If your cyber team and your fraud team are escalating BEC to different inboxes, the attacker is already winning the timing race.
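The “one workflow” idea can be made concrete by scoring the upstream and downstream signals against the same payment. The following is an added example, not DefenseStorm tooling: every account, event, amount and payee history entry is constructed, and the schema (entered_by, customer, beneficiary), the 72-hour lookback and the 3x deviation factor are assumptions. A payment with both a cyber signal on the entering account and a fraud signal on the payment itself becomes one high-severity ticket routed to the SOC and the BSA/fraud queue together.

```python
"""Correlate mailbox telemetry with payment signals into one BEC alert.

Added example, not DefenseStorm tooling. All events, accounts and amounts are
constructed; the schema, lookback window and deviation factor are assumptions.
"""
from datetime import datetime, timedelta

LOOKBACK = timedelta(hours=72)   # assumed: how far back from a payment to look for a cyber signal
DEVIATION_FACTOR = 3             # assumed: amount above 3x the historical max is a pattern deviation


def _ts(s):
    return datetime.fromisoformat(s)


# Upstream telemetry on the institution's own accounts (constructed).
CYBER_EVENTS = [
    {"ts": "2026-04-02T08:14:00", "account": "jdoe", "signal": "anomalous_login",
     "detail": "new country, legacy IMAP"},
    {"ts": "2026-04-02T08:20:00", "account": "jdoe", "signal": "inbox_rule_created",
     "detail": "move subjects containing 'wire' to RSS Feeds, mark read"},
    {"ts": "2026-04-06T09:00:00", "account": "msmith", "signal": "auth_failures",
     "detail": "14 failures then success"},
]
# Payments entered by those accounts (constructed).
PAYMENTS = [
    {"id": "W-1001", "ts": "2026-04-03T10:05:00", "entered_by": "jdoe", "customer": "Acme Supply",
     "beneficiary": "9921-NEWACCT", "amount": 182000, "method": "wire"},
    {"id": "W-1002", "ts": "2026-04-03T11:30:00", "entered_by": "jdoe", "customer": "Acme Supply",
     "beneficiary": "4410-VENDOR", "amount": 12500, "method": "ach"},
    {"id": "W-1003", "ts": "2026-04-10T14:00:00", "entered_by": "msmith", "customer": "Steady Parts",
     "beneficiary": "7788-NEW", "amount": 9000, "method": "wire"},
]
# Payee history per customer: known beneficiaries and largest prior payment (constructed).
PAYEE_HISTORY = {
    "Acme Supply": {"beneficiaries": {"4410-VENDOR"}, "max_amount": 40000},
    "Steady Parts": {"beneficiaries": {"7788-NEW", "5500-OLD"}, "max_amount": 15000},
}


def fraud_signals(payment, history=PAYEE_HISTORY):
    """Downstream signals: beneficiary not in payee history, or amount far above the norm."""
    hist = history.get(payment["customer"], {"beneficiaries": set(), "max_amount": 0})
    signals = []
    if payment["beneficiary"] not in hist["beneficiaries"]:
        signals.append("new beneficiary")
    if payment["amount"] > DEVIATION_FACTOR * hist["max_amount"]:
        signals.append("amount deviation")
    return signals


def cyber_signals(payment, cyber=CYBER_EVENTS, lookback=LOOKBACK):
    """Upstream signals on the entering account inside the lookback window before the payment."""
    end = _ts(payment["ts"])
    return [e["signal"] for e in cyber
            if e["account"] == payment["entered_by"] and end - lookback <= _ts(e["ts"]) <= end]


def correlate(payments=PAYMENTS, cyber=CYBER_EVENTS):
    """One alert per payment carrying either kind of signal; both together is high severity."""
    alerts = []
    for p in payments:
        fraud, cyb = fraud_signals(p), cyber_signals(p, cyber)
        if not fraud and not cyb:
            continue
        severity = "high" if fraud and cyb else "medium"
        alerts.append({"payment": p["id"], "severity": severity, "fraud": fraud, "cyber": cyb,
                       # The same ticket goes to both teams regardless of which side fired.
                       "route": ["soc", "bsa_fraud"]})
    return alerts


if __name__ == "__main__":
    for alert in correlate():
        print(alert)
```

W-1002 illustrates why the medium tier matters: the payment itself looks normal, but it was entered by an account that had an inbox rule created the day before, which is exactly the quiet case a fraud-only review would never see.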
Insider threats are the threat category most institutions would prefer not to think about. We get it. These are your own people.
In the first half of 2026, we saw a notable uptick in insider threat activity across our monitored client base. Insider events are rare by volume. They are also disproportionate by impact. When an insider with access to sensitive systems decides to act, the damage potential is not theoretical. It is immediate and it is high.
Every insider incident we observed in the first half of 2026 involved privilege misuse. Individuals had extensive access to sensitive data, and in each case the scope of that access became part of the problem. It raises a question every institution should be asking: do the people with access to your most sensitive data actually need all of it to do their jobs?
This is the foundational insider threat problem, and it is the one your examiner asks about. FFIEC guidance is explicit: the degree of internal access granted to users directly increases the risk of damage, misdirection, or misuse of information and systems. That language sits behind the access review, segregation of duties, and least privilege expectations in the IT Handbook’s Information Security and Architecture & Operations booklets. NIST 800-53 codifies least privilege as a baseline control. Verizon DBIR consistently identifies privilege misuse as a top action in insider-driven breaches, and 89% of malicious cases are financially motivated. When the breach involves a malicious insider with elevated privileges, the average cost reaches $4.9 million per event, driven by long dwell time, quiet exfiltration, and deep access to the systems that matter most.
Access reviews are a compliance requirement at every regulated institution, and every institution does them. But a passing access review does not mean access is right-sized. It means someone signed off that a list matched a role. If a teller has read access to commercial lending files, or a help desk analyst can pull customer PII outside their support scope, the review process satisfied the examiner without catching the actual risk. The gap between authorized access and necessary access is where insider risk lives. That is a common examination finding, not an exotic failure mode.
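One way to measure the gap between authorized and necessary access is to put the certified entitlement list next to two other things: what each role actually needs, and when each entitlement was last used. The following is an added example, not DefenseStorm tooling or any identity product’s report: the roles, users, resources and dates are constructed, and the 90-day staleness threshold is an assumption. The teller-with-lending-files and help-desk-with-PII cases from the paragraph above are the first two findings it produces.

```python
"""Compare certified entitlements with role scope and observed use.

Added example, not DefenseStorm tooling. Roles, users, resources and dates are
constructed; the 90-day staleness threshold is an assumption.
"""
from datetime import date, timedelta

STALE_AFTER = timedelta(days=90)  # assumed threshold for "certified but unused"

# Resources each role needs to do the job (constructed).
ROLE_SCOPE = {
    "teller": {"teller_platform", "cash_gl"},
    "helpdesk": {"ticketing", "ad_password_reset"},
    "commercial_lender": {"loan_platform", "commercial_files"},
}
# What the last access review certified: (user, role, resource) (constructed).
ENTITLEMENTS = [
    ("tsmith", "teller", "teller_platform"),
    ("tsmith", "teller", "cash_gl"),
    ("tsmith", "teller", "commercial_files"),     # outside teller scope
    ("hlee", "helpdesk", "ticketing"),
    ("hlee", "helpdesk", "ad_password_reset"),
    ("hlee", "helpdesk", "customer_pii_export"),  # outside helpdesk scope
    ("rjones", "commercial_lender", "loan_platform"),
    ("rjones", "commercial_lender", "commercial_files"),
]
# Most recent observed use per (user, resource) from application logs (constructed).
LAST_USED = {
    ("tsmith", "teller_platform"): date(2026, 6, 29),
    ("tsmith", "cash_gl"): date(2026, 6, 28),
    ("hlee", "ticketing"): date(2026, 6, 30),
    ("hlee", "ad_password_reset"): date(2026, 6, 30),
    ("hlee", "customer_pii_export"): date(2026, 6, 27),
    ("rjones", "loan_platform"): date(2026, 6, 30),
    ("rjones", "commercial_files"): date(2026, 2, 1),
}


def review(entitlements=ENTITLEMENTS, last_used=LAST_USED, role_scope=ROLE_SCOPE,
           as_of=date(2026, 6, 30), stale_after=STALE_AFTER):
    """Map (user, resource) to a disposition for every entitlement that needs attention.

    remove      : outside the role's scope and never used
    investigate : outside the role's scope but actively used (someone relies on it)
    stale       : inside scope but unused for longer than stale_after
    In-scope, recently used entitlements produce no finding.
    """
    findings = {}
    for user, role, resource in entitlements:
        in_scope = resource in role_scope.get(role, set())
        used = last_used.get((user, resource))
        if not in_scope:
            findings[(user, resource)] = "investigate" if used else "remove"
        elif used is None or as_of - used > stale_after:
            findings[(user, resource)] = "stale"
    return findings


if __name__ == "__main__":
    for key, disposition in sorted(review().items()):
        print(f"{key[0]:8} {key[1]:22} {disposition}")
```

The distinction between “remove” and “investigate” is deliberate: an out-of-scope entitlement that is in active use means a process depends on it, and pulling it without asking why is how a review creates an outage instead of reducing risk.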
In one incident, data was exfiltrated to a third party over Zoom.
That exfiltration path is worth pausing on. Most institutions have invested in email DLP, USB device restrictions, and cloud storage upload controls. Screen sharing and file transfer over video conferencing platforms often fall completely outside those controls. The data leaves the organization in plain sight, during what looks like a normal business meeting, and nothing fires. If your DLP program does not account for collaboration tools like Zoom, Teams, and WebEx as exfiltration channels, you have a gap.
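Closing that gap starts with reading the audit trail the collaboration platform already produces. The following is an added example, not DefenseStorm tooling or any conferencing vendor’s feature: the meeting events are constructed and only loosely modelled on a conferencing audit feed, and the field names and the internal domain are assumptions. It replays each meeting in time order and reports file transfers and screen shares by an internal user that happen while an external participant is in the room, which is the case the post describes and which email DLP never sees.

```python
"""Flag data movement over a collaboration platform while outsiders are present.

Added example, not DefenseStorm tooling. Events are constructed; field names
and the internal domain are assumptions.
"""
INTERNAL_DOMAINS = {"bank.example"}  # assumed

# Constructed meeting audit events.
MEETING_EVENTS = [
    {"meeting": "M1", "ts": "2026-05-12T14:00:00", "event": "participant_joined", "user": "rjones@bank.example"},
    {"meeting": "M1", "ts": "2026-05-12T14:01:00", "event": "participant_joined", "user": "guest@personal-mail.example"},
    {"meeting": "M1", "ts": "2026-05-12T14:05:00", "event": "file_transfer", "user": "rjones@bank.example",
     "file": "q2_commercial_pipeline.xlsx", "bytes": 4_800_000},
    {"meeting": "M1", "ts": "2026-05-12T14:10:00", "event": "screen_share_started", "user": "rjones@bank.example"},
    {"meeting": "M2", "ts": "2026-05-12T15:00:00", "event": "participant_joined", "user": "hlee@bank.example"},
    {"meeting": "M2", "ts": "2026-05-12T15:01:00", "event": "participant_joined", "user": "tsmith@bank.example"},
    {"meeting": "M2", "ts": "2026-05-12T15:03:00", "event": "file_transfer", "user": "hlee@bank.example",
     "file": "branch_schedule.pdf", "bytes": 90_000},  # internal-only meeting: no finding
    {"meeting": "M3", "ts": "2026-05-13T10:00:00", "event": "participant_joined", "user": "msmith@bank.example"},
    {"meeting": "M3", "ts": "2026-05-13T10:02:00", "event": "file_transfer", "user": "msmith@bank.example",
     "file": "rate_sheet.pdf", "bytes": 120_000},  # before the external joined: no finding
    {"meeting": "M3", "ts": "2026-05-13T10:05:00", "event": "participant_joined", "user": "auditor@vendor.example"},
    {"meeting": "M3", "ts": "2026-05-13T10:06:00", "event": "participant_left", "user": "auditor@vendor.example"},
    {"meeting": "M3", "ts": "2026-05-13T10:08:00", "event": "file_transfer", "user": "msmith@bank.example",
     "file": "fee_schedule.pdf", "bytes": 80_000},  # after the external left: no finding
]

# Which sharing actions matter and how loudly (assumed).
SEVERITY = {"file_transfer": "high", "screen_share_started": "medium"}


def is_external(user, internal=INTERNAL_DOMAINS):
    """True when the account's mail domain is not one of ours."""
    return user.rsplit("@", 1)[-1].lower() not in internal


def audit_meetings(events=MEETING_EVENTS):
    """Replay events per meeting and report sharing by an internal user while externals are present."""
    present = {}   # meeting -> set of external participants currently in the room
    findings = []
    for ev in sorted(events, key=lambda e: (e["meeting"], e["ts"])):
        room = present.setdefault(ev["meeting"], set())
        if ev["event"] == "participant_joined" and is_external(ev["user"]):
            room.add(ev["user"])
        elif ev["event"] == "participant_left":
            room.discard(ev["user"])
        elif ev["event"] in SEVERITY and room and not is_external(ev["user"]):
            findings.append({"meeting": ev["meeting"], "ts": ev["ts"], "user": ev["user"],
                             "event": ev["event"], "file": ev.get("file"),
                             "external": sorted(room), "severity": SEVERITY[ev["event"]]})
    return findings


if __name__ == "__main__":
    for finding in audit_meetings():
        print(finding)
```

Meeting M3 shows why the replay has to track presence over time rather than just asking “was anyone external ever in this meeting”: both of its transfers happen while the room is internal-only, and flagging them would only add noise to the queue.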
Financial services pays among the highest average costs of any industry for insider threat incidents: $20.68 million per organization per year, second only to healthcare. Insider risk costs have risen 123% since 2018. Incidents contained in under 31 days cost $10.6 million on average. Those that take more than 91 days to contain cost $18.7 million, a 76% premium for slow detection.
The profile is not what most people assume. 55% of insider incidents come from negligent employees, not malicious actors. Add credential theft (20%), and 75% of all insider incidents are non-malicious. But the malicious ones hit harder, and in financial services, insiders have direct access to the thing they are after.
These three threat categories are not going away in the second half of 2026. ClickFix is still mutating. BEC volume shows no sign of tapering. And insider risk grows as technology access expands. But the threat environment is also shifting in ways that will change the nature of what we defend against.
For the first time in 2026, threat actors have been identified using a zero-day exploit believed to be developed with AI assistance, with plans for mass exploitation. Google’s Threat Intelligence group reported that adversaries are leveraging AI for vulnerability research, exploit development, and initial access operations. As AI accelerates the cycle from vulnerability discovery to working exploit, the window between “vulnerable” and “compromised” shrinks. Autonomous agents that can probe, validate, and exploit at machine speed are no longer a theoretical concern. They are emerging. Offensive agentic AI that can automate phishing, lateral movement, and exploit-chain execution with minimal human operator engagement is on the near horizon.
Mythos is the warning shot. On April 7, 2026, Anthropic released Claude Mythos: an AI model that autonomously finds software vulnerabilities and writes working exploit code at machine speed. It scored 100% on a standard cybersecurity benchmark, surfaced a 27-year-old flaw in OpenBSD (an operating system in active use in financial infrastructure), and has identified thousands of unpatched vulnerabilities across widely-used software.
The structural insight is not that AI helps attackers. It is that the patching clock and the attack clock no longer match. Industry average time to remediate a known flaw is seven to eight weeks; Mythos can write a working attack within minutes of a public fix, and the zero-day window is expanding rather than closing. Prioritizing patches off the CISA Known Exploited Vulnerabilities catalog is now working off a lagging indicator. KEV captures what is already being used in the open, not what is being used against you tonight. Controls have to be ready for zero-days that will not appear on the public catalog in time. That is not a staffing problem. It is a math problem, and it is the one every FI CISO needs to be solving for the second half of 2026.
For financial institutions, the examiner posture is starting to shift with the threat. The old questions were about written policy and reasonable controls. The new questions are about speed: how fast did you know, how fast did you act, can you prove what you did and when. Patch management programs that were defensible in 2024 may not satisfy that bar in 2026.
AI tooling is also changing the economics of malware development. Polymorphic malware that reshapes its code at runtime is not new, but AI makes it dramatically faster to generate unique variants. The practical effect is a higher density of unique indicators of compromise and indicators of attack across the threat landscape. For FI security teams, that has two specific consequences. The first is that signature-based detection, which still anchors a large portion of the bank and credit union security stack, is producing diminishing returns. Examination expectations have traditionally rewarded the presence of those tools; the question is shifting to whether they actually detect what is being used against you. The second is that the combinatorial volume of unique IOCs and IOAs exceeds what a small FI SOC can manually triage. Behavioral detection, anomaly identification, and threat hunting on tactics and techniques (not artifacts) move from nice-to-have to load-bearing.
ClickFix demonstrated that social engineering does not need to be complicated to be effective. It just needs to match the user’s mental model of a normal interaction. As AI tools improve, lures will become more contextually aware, more personalized, and harder to distinguish from legitimate communications. For a financial institution, the threat vectors that matter most look like the institution’s normal workflow. Deepfake audio of a customer authorizing a wire. AI-generated video of a vendor confirming a payment instruction change. Examiner or board member impersonation hitting branch staff with the urgency cues those communications carry. The traditional “spot the phish” user awareness approach is losing ground against lures that pass every plausibility test a staff member can run in the moment. Security programs need to assume that some social engineering will succeed and build detection and response capabilities around that assumption, including out-of-band verification workflows that do not rely on the channel the request arrived through.
The operational takeaway for the second half of 2026 is much the same as what we have heard before: detect fast, respond faster, and invest in the controls that actually reduce risk. But the arms race is becoming unbalanced as attackers use AI and modern tooling to erode defenders’ effectiveness.
Speed of detection matters more than ever. The threats we are seeing are faster, more automated, and more evasive. The institutions that will fare best are the ones that combine behavioral detection with operational discipline: right-sized access, layered verification, collaboration-aware DLP, and security awareness that evolves as fast as the attacks do.
If your institution is seeing similar activity, or if you want to pressure-test your readiness against these specific threats, DefenseStorm CTS Ops is here. That’s what we do.