Virtual bank robbery has reached industrial scale. Whether seeking profit or disruption, cybercriminals are targeting financial services with a vengeance, intent on grabbing sensitive and lucrative personal data from account credentials to payment card information.
Botnets, API vulnerabilities, and the rapid adoption of artificial intelligence (AI) are converging to create an extremely dynamic and complex threat landscape for financial service organizations worldwide.
The latest research on financial services threats
The new State of the Internet (SOTI) Security report, AI-Empowered Botnets and API Visibility Gaps: Attack Trends in Financial Services, is now live. In the two years since we last examined this industry, we’ve seen a wave of activity that’s increasing in both volume and complexity.
Our new report takes a deep dive into current threat trends — and provides mitigation strategies so organizations can adapt and stay resilient.
AI threats demand a collective response
The report begins with a guest column by John “JD” Denning, Chief Security Officer for the Financial Services Information Sharing and Analysis Center (FS-ISAC). JD makes the case that while AI is helping organizations transform operations, it’s also expanding their attack surface and compounding risk.
A collective defense is needed to address today’s hyperconnected threat landscape. JD highlights the importance of real-time threat intelligence across the financial ecosystem, with defenders sharing insights and tactics with one another to raise the cost for attackers.
Financial services continues to be a primary target
With an analysis of trends over time and a deep dive into 2025 data, the SOTI report presents critical findings, including:
- Distributed denial-of-service (DDoS) attacks remain the industry’s greatest threat
- DNS is a hidden attack surface
- Web attacks continue to increase
- API growth is compounding the risk
- AI-enabled botnets are a critical threat
DDoS attacks remain the industry’s greatest threat
The financial services industry is a prime target of DDoS events, far outpacing other industries. Banking remains the leading vertical targeted by Layer 3 and Layer 4 attacks, as well as by Layer 7 DDoS attacks, by a wide margin.
DDoS attacks that target Layers 3 and 4 increased 5.2% year over year.
These attacks also grew in size, complexity, and event duration.
Maximum DDoS attack event sizes increased by 236% and the median duration increased by 738% from 2024 to 2025.
This dramatic increase is driven by a combination of legacy system flaws, rapid digital banking expansion, and AI-enhanced attack frameworks that enable adversaries to adapt to mitigation strategies in real time, which can further increase the scale and complexity of threats.
The SOTI Security report explores this topic in detail, including insights on regional trends, Internet of Things (IoT) botnets, and the role of hacktivist attacks by groups like Keymous+, DieNet, Handala, and the Cyber Islamic Resistance (CIR).
DNS is a hidden attack surface
DNS has emerged as a major, often overlooked, attack surface for banking, wealth management, insurance, and fintech organizations. DNS infrastructure often outlives the systems, products, and business units it originally supported, creating potential exposure to subdomain takeover, impersonation, and unauthorized certificate issuance.
The report describes common DNS issues that create vulnerabilities, such as misconfigured Start of Authority (SOA), missing Certificate Authority Authorization (CAA) records, missing DNSKEY records, unnecessary wildcard DNS records, and disabled registry locks. In a distributed cloud environment, DNS is no longer simply a routine maintenance issue — it is the critical control point for digital trust and secure application delivery.
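An added example, not taken from the report: an offline audit of a zone export for the issues listed above (missing CAA and DNSKEY at the apex, wildcard records, inconsistent SOA timers) plus CNAMEs that point at external targets no longer in the asset inventory. The zone contents, the names under `.test`, the `ACTIVE_TARGETS` inventory and the SOA sanity rules (retry below refresh, expire above refresh) are assumptions for illustration; registry lock status is held by the registrar and cannot be read from zone data.

```python
# Constructed sample zone in simplified "name ttl class type rdata..." form.
ZONE = """\
example-bank.test. 3600 IN SOA ns1.example-bank.test. hostmaster.example-bank.test. 2025010101 7200 7200 3600 300
example-bank.test. 3600 IN NS ns1.example-bank.test.
www.example-bank.test. 300 IN A 192.0.2.10
*.example-bank.test. 300 IN A 192.0.2.10
promo.example-bank.test. 300 IN CNAME old-campaign.cloudhost.test.
pay.example-bank.test. 300 IN CNAME pay-prod.cloudhost.test.
"""
# Assumed inventory of external hostnames the organization still controls.
ACTIVE_TARGETS = {"pay-prod.cloudhost.test."}

def parse_zone(text):
    """Parse one-record-per-line zone text into (name, ttl, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and whole-line comments
        name, ttl, _cls, rtype, *rdata = line.split()
        records.append((name.lower(), int(ttl), rtype.upper(), rdata))
    return records

def audit_zone(text, apex, active_targets):
    """Return a list of hygiene findings for the zone rooted at `apex`."""
    records = parse_zone(text)
    apex = apex.lower()
    findings = []
    apex_types = {rtype for name, _, rtype, _ in records if name == apex}
    for required in ("CAA", "DNSKEY"):
        if required not in apex_types:
            findings.append(f"missing-{required.lower()}:{apex}")
    for name, _, rtype, rdata in records:
        if name.startswith("*."):
            findings.append(f"wildcard:{name}:{rtype}")
        if rtype == "SOA":
            # SOA rdata: mname rname serial refresh retry expire minimum
            refresh, retry, expire = (int(v) for v in rdata[3:6])
            if retry >= refresh:
                findings.append("soa-retry-not-below-refresh")
            if expire <= refresh:
                findings.append("soa-expire-not-above-refresh")
        if rtype == "CNAME":
            target = rdata[0].lower()
            # An external target missing from the inventory is a takeover candidate.
            if not target.endswith("." + apex) and target not in active_targets:
                findings.append(f"unowned-cname-target:{name}->{target}")
    return findings

if __name__ == "__main__":
    for finding in audit_zone(ZONE, "example-bank.test.", ACTIVE_TARGETS):
        print(finding)
```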
Web attacks continue to increase
Our research shows that attackers are relentlessly targeting financial services websites, with attacks surging by 11% from 2024 through 2025 globally. With 110 billion attacks over the two-year period, financial services is the second most targeted industry for web attacks, following commerce. The majority of web attacks (60%) targeted banking sites.
API growth is compounding the risk
API endpoints are a major vector for web attacks, underscoring the need for greater API visibility and governance. With pressure on organizations to deploy new online functionality continuously and rapidly, shadow APIs and AI-assisted (vibe) coding are adding to the challenge.
The emergence of botnets for hire and other user-friendly tools, together with insufficient DDoS protection, opens the door for less technically savvy actors to launch web attacks. This underscores the need for security teams to sharpen their focus on strong cyber hygiene and security fundamentals, including maintaining visibility of their API estate.
AI-enabled botnets are a critical threat
Advanced bot activity surged by 147% in late 2025, with an increase in AI-enabled evasion techniques. Today, hyperscale zombie botnets can control millions of IoT devices to mount massive DDoS attacks while neutralizing standard IP reputation blocks.
Our research emphasized the importance of moving from basic signature blocking to behavioral heuristics and user-risk telemetry to identify fraudulent identities within transactional flows.
Practical defense strategies for financial services
AI does not replace traditional security risks — it amplifies them. That’s why defenders must transition from static perimeters to adaptive, AI-aware security architectures to counter today’s increased attack volume and sophistication.
The new SOTI Security report explores practical defense strategies for financial services, including the MITRE ATT&CK Matrix for Enterprise and the ATLAS™ knowledge bases that demystify the techniques cybercriminals use to execute attacks.
The report includes practical tips on how financial services organizations can navigate the increasingly complex compliance landscape. In addition, it examines tools and best practices to help security operations teams sharpen their assessment and red team activities, improve their security posture, and protect their AI deployments.
The new SOTI Security report turns theoretical risks into actionable insights, providing the intelligence needed to maintain security and trust in an increasingly volatile environment.
Want the full story?
Download the new SOTI Security report: AI-Empowered Botnets and API Visibility Gaps: Attack Trends in Financial Services.