ADGM Notice on Malware Threats and Cybercrime Prevention

The Riffle

On 18 September 2025, the Abu Dhabi Global Market’s (ADGM) Financial Services Regulatory Authority (FSRA) issued Notice FSRA/FCCP/128/2025, addressing one of today’s most pressing risks - malware-driven cybercrime. The notice highlights the growing threat posed by malicious software to financial institutions, outlining the types of malware, the common pathways for infection, and practical strategies firms must adopt to safeguard operations. With cyberattacks capable of disrupting systems, stealing data, and damaging reputations, ADGM stresses that vigilance and robust security controls are critical to protecting both individual firms and the wider UAE financial ecosystem.

The Nature and Impact of Malware

Malware is more than just a technical nuisance — it can compromise operational integrity, data security, and financial stability. Its impact includes:

• 🔴 Operational disruption – systems locked or rendered unusable

• 🔴 Data loss or encryption – deleted, stolen, or ransomed files

• 🔴 System compromise – hijacked devices used for further attacks

• 🔴 Credential theft – stolen authentication details

• 🔴 Resource hijacking – illicit cryptocurrency mining

• 🔴 Financial and reputational loss – direct monetary damage and eroded trust 

Types of Malware

The FSRA classifies malware into broad categories:

• Data exfiltration tools (spyware, Trojans)

• Destructive software (viruses, worms)

• Ransomware (encryption for extortion)

• Unwanted/intrusive software (adware, rootkits) 

How Malware Spreads

Cybercriminals exploit both human error and technical flaws. Common infection vectors include:

• Drive-by downloads – hidden malware from compromised sites

• Unsafe downloads – unverified apps or software

• Infected external devices – USBs, hard drives

• Unsecured networks – risky public Wi-Fi connections

• Phishing emails – malicious attachments or links 

Prevention and Mitigation: FSRA’s Recommendations

The notice stresses a “defence in depth” approach, combining multiple protective measures:

• ✅ Antivirus deployment & application whitelisting

• ✅ Email filtering & blocking malicious content

• ✅ Stronger access controls (disable RDP, enforce MFA)

• ✅ Regular patching & automatic updates

• ✅ USB control & firewall configurations

• ✅ Intrusion detection/prevention systems (IDS/IPS)

• ✅ Offline backups of critical data

Concluding Mandate

ADGM concludes that consistent vigilance and layered security measures are not optional — they are essential for maintaining the security, integrity, and stability of both ADGM and the wider UAE financial system. Authorised Persons (APs) and Recognised Bodies (RBs) are urged to adopt these controls without delay and may seek further clarification from the FSRA’s Financial & Cyber Crime Prevention department.

Read the full document presented by 10 Leaves here -