Surge in DDoS Attacks Targeting Financial Services Amid AI and Hacktivism
Severity: High (Score: 72.2)
Sources: www.globenewswire.com, Sg.Finance.Yahoo, Markets.Businessinsider, Globenewswire, Stocktitan
Published: · Updated:
Keywords: akamai, financial, services, risk, ddos, attacks, bigger
Severity indicators: financial
Summary
Akamai's latest report reveals a significant rise in DDoS attacks against the financial services sector, with a 738% increase in median attack duration since 2024. Pro-Iran hacktivists and AI-driven bots are identified as key players in this escalation, targeting online banking and payment systems. In 2025, 60% of web attacks and 83% of API endpoint incursions were directed at banking institutions. Nearly 80% of financial organizations have experienced ransomware attacks in the past two years, yet less than half have implemented advanced security measures. The report indicates that 96% of surveyed financial leaders reported at least one API security incident in the last year, the highest across all industries. Regional attack patterns show that EMEA is most affected by Layers 3 and 4 DDoS attacks, while APAC faces more Layer 7 DDoS threats. The findings emphasize the urgent need for enhanced security strategies in the financial sector. Key Points: • DDoS attacks on financial services have increased by 738% in duration since 2024. • Pro-Iran hacktivists and AI bots are major contributors to the rise in cyberattacks. • 96% of financial leaders reported API security incidents in the past year.
Detailed Analysis
**Impact** The financial services sector is the primary target of escalating DDoS attacks, with 96% of surveyed organizations reporting at least one API security incident in the past year. In 2025, 60% of all web attacks and 83% of API incursions targeted banking, while nearly 80% of financial institutions faced ransomware attacks over two years. Regionally, EMEA experiences 62% of Layers 3 and 4 DDoS attacks, APAC faces 52% of Layer 7 DDoS, and North America sees 44% of web attacks. The median duration of these attacks has increased by 738% since 2024, severely impacting online banking, payment systems, and critical applications. **Technical Details** Attack vectors include Layers 3 and 4 DDoS, Layer 7 DDoS, and API endpoint targeting, amplified by AI-powered botnets and pro-Iran hacktivist groups. Advanced bot activity surged 147% in late 2025, with some cases showing 96% of site traffic as malicious scraping bots. The attacks exploit API visibility gaps and leverage AI to increase attack complexity and duration. Specific malware, CVEs, or IOCs were not detailed in the available sources. **Recommended Response** Financial institutions should prioritize deploying advanced DDoS mitigation strategies, enhance API security monitoring, and implement bot management solutions to detect and block malicious traffic. Organizations must adopt best practices for API visibility and protection, including rate limiting and anomaly detection. Continuous monitoring of traffic patterns and collaboration with threat intelligence sharing groups like FS-ISAC is advised. No specific patches or CVE mitigations were provided in the reports.
Source articles (8)
- Financial Services at Risk: DDoS Attacks Are Bigger, Longer, and More Complex, Akamai Research Finds — Globenewswire · 2026-05-20
Akamai announced that it has priced an upsized offering of convertible senior notes. Akamai introduces AI Brand Presence to optimize website content for LLM and AI agents using generative engine optim… - 2026 API Security Impact Study — www.akamai.com · 2026-05-20
- 2026 API Security Impact Study — www.globenewswire.com · 2026-05-20
- AI-Empowered Botnets and API Visibility Gaps: Attack Trends in Financial Services — www.globenewswire.com · 2026-05-20
- Financial Services at Risk: DDoS Attacks Are Bigger, Longer, and More Complex, Akamai Research Finds — Globenewswire · 2026-05-20
Akamai announced that it has priced an upsized offering of convertible senior notes. Akamai introduces AI Brand Presence to optimize website content for LLM and AI agents using generative engine optim… - Financial Services at Risk: DDoS Attacks Are Bigger, Longer, and More Complex, Akamai ... — Markets.Businessinsider · 2026-05-20
CAMBRIDGE, Mass., May 20, 2026 (GLOBE NEWSWIRE) -- Cybercriminals are now targeting financial services more than any other industry for web and API (Layers 3 and 4) distributed denial-of-service (DDoS… - Akamai: DDoS on financial firms up 738% in duration — Stocktitan · 2026-05-20
Akamai (NASDAQ: AKAM) released its May 20, 2026 State of the Internet Security report focused on financial services. The research finds cybercriminals and pro-Iran hacktivists increasingly using AI-dr… - Financial Services at Risk: DDoS Attacks Are Bigger, Longer, and More Complex, Akamai Research Finds — Sg.Finance.Yahoo · 2026-05-20
Pro-Iran hacktivism and AI bots are amplifying cyberattacks targeting online banking, payments, and applications CAMBRIDGE, Mass., May 20, 2026 (GLOBE NEWSWIRE) -- Cybercriminals are now targeting fin…
Timeline
- 2024-01-01 — DDoS attack duration increases noted: Akamai reports a 738% increase in median DDoS attack duration targeting financial services since 2024.
- 2025-01-01 — Major web attacks reported: In 2025, 60% of total web attacks targeted banking institutions, highlighting vulnerabilities in the sector.
- 2025-01-01 — Ransomware attacks surge: Nearly 80% of financial institutions faced ransomware attacks in the past two years, with many lacking advanced security technologies.
- 2026-05-20 — Akamai report published: Akamai releases findings on DDoS attacks and API security incidents in the financial sector, emphasizing the need for improved defenses.
Related entities
- DDoS (Attack Type)
- Ransomware (Attack Type)
- [email protected] (Email)
- [email protected] (Email)
- Financial (Industry)
- Financial Services (Industry)