Why Cyberattacks on Banks Are Getting Longer, Larger, and Harder to Stop

Several factors make banks especially attractive targets:

• Direct financial gain: Attackers seek payment-card data, credentials, and opportunities for fraud.
• High-value customer accounts: Compromised access can enable account takeovers or financial theft.
• Complex infrastructure: Many institutions operate a mix of legacy systems and modern digital platforms.
• Rapid digital expansion: Mobile banking, fintech integrations, and open banking APIs expand the attack surface.

The sector’s importance also means disruptions attract attention—making banks attractive targets for politically motivated attackers as well.

AI-Powered Botnets and IoT “Zombie” Networks

A major driver of modern attacks is the scale of automated botnets. Akamai reports a 147% surge in advanced bot activity in late 2025, with attackers increasingly using AI-assisted evasion techniques .

Many of these attacks rely on large networks of compromised devices—often called IoT zombie networks—made up of infected routers, cameras, and consumer electronics. These distributed systems can generate enormous traffic volumes while blending in with legitimate users.

AI capabilities make botnets even more effective. Modern attack infrastructure can:

• Adapt traffic patterns dynamically to bypass defenses
• Rotate IP infrastructure rapidly
• Mimic human browsing behavior
• Coordinate millions of devices simultaneously

These tactics make traditional filtering methods such as static IP blocking far less effective.

Web Attacks Are Also Exploding

DDoS attacks are only part of the threat landscape. Akamai documented 110 billion web attacks against financial services during 2024–2025, making the sector the second-most targeted industry globally for web application attacks after commerce .

Within that activity, about 60% of attacks targeted banking websites directly, highlighting the importance of customer-facing applications as entry points for attackers .

The report also warns that expanding API ecosystems are introducing new risks. Rapid development and poorly documented "shadow APIs" can expose sensitive functionality that attackers exploit before security teams even know the endpoints exist .

DNS and API Weaknesses Expand the Attack Surface

Beyond web applications, Akamai identifies DNS infrastructure as an often-overlooked vulnerability in financial systems .

Misconfigurations or poor governance can allow attackers to:

• Take over subdomains
• Impersonate legitimate services
• Issue unauthorized certificates

At the same time, financial organizations are rapidly adding APIs to support fintech partnerships, mobile apps, and open banking services. Without strong visibility and governance, these interfaces can become major entry points for attackers.

Hacktivism and Geopolitical Cyber Pressure

Not all attacks are financially motivated. Some are driven by geopolitics and hacktivist movements.

Threat groups such as Keymous+ and DieNet have been linked to coordinated waves of DDoS attacks tied to geopolitical conflicts. In one surge following Middle East tensions in early 2026, researchers recorded 149 hacktivist DDoS attacks against 110 organizations across 16 countries, with those two groups responsible for nearly 70% of the activity .

Other actors, including the group Handala, have also been associated with cyber operations and are reported to have links to Iran’s intelligence ecosystem, according to security reporting .

These campaigns often target government institutions, telecommunications providers, and financial services simultaneously—aiming to cause disruption and visibility rather than financial gain.

Why Traditional Cybersecurity Defenses Are Failing

Akamai’s conclusion is that modern cyber threats are evolving faster than many traditional security architectures.

Legacy perimeter defenses—such as static firewalls, signature-based detection, or simple IP blocking—struggle to handle:

• AI‑driven adaptive botnets
• massive IoT-based attack networks
• rapidly changing API ecosystems
• sustained multi-vector DDoS campaigns

Instead, security teams are being pushed toward adaptive, AI-aware security architectures.

The Security Shift Financial Institutions Must Make

To counter modern threats, experts recommend a layered approach that combines multiple defenses:

• Behavioral threat detection rather than static signatures
• Real-time risk scoring and user telemetry
• Comprehensive API discovery and governance
• Strong DNS configuration management
• Scalable DDoS mitigation and threat intelligence sharing

The underlying message from the SOTI report is clear: cyberattacks against financial services are becoming industrialized and automated. Criminal groups pursue profit through fraud and credential theft, while hacktivists pursue disruption and political signaling—but both increasingly rely on the same scalable technologies, from AI automation to massive botnets .

For banks and fintech platforms, resilience now depends on building security systems that can evolve as quickly as the threats targeting them.