The global financial sector is facing a sharp rise in Financial Services DDoS Attacks, with cybercriminals increasingly targeting banks, payment systems, and online financial platforms through larger, longer, and more attacks, according to new research from Akamai.

In its latest State of the Internet (SOTI) Security report titled AI-Empowered Botnets and API Visibility Gaps: Attack Trends in Financial Services, research warned that AI-powered botnets and politically motivated hacktivist groups are intensifying the cyber threat landscape for the banking and financial services industry.

Researchers found that Financial Services DDoS Attacks have become more persistent and operationally disruptive, particularly across Layers 3 and 4 web and API infrastructure.

Financial Services DDoS Attacks Top the Chart

According to the report, financial services organizations are now the most targeted industry for web and API distributed denial-of-service attacks.

Akamai revealed that the median duration of global Layers 3 and 4 Financial Services DDoS Attacks has increased by 738% since 2024. The company attributed the surge to AI-powered attack infrastructure and growing hacktivist activity, including campaigns linked to pro-Iran cyber groups.

Security researchers said attackers are increasingly focusing on:

• Online banking systems
• Real-time payment platforms
• API infrastructure
• Customer-facing financial applications

The report noted that while financial institutions continue expanding digital banking and payment services, the growing reliance on APIs and cloud-connected infrastructure has also expanded the attack surface available to threat actors.

API-Related Cyber Risks Emerging as Major Security Weakness

One of the strongest findings in the report involved API-related cyber risks.

According to reserach’s 2026 API Security Impact Study, 96% of financial service leaders surveyed reported at least one API security incident within the past year. That figure was the highest recorded among all industries included in the research.

The report also found that:

• 60% of all web attacks in 2025 targeted banking institutions
• 83% of attacks against API endpoints focused on financial organizations

Researchers warned that APIs are increasingly becoming high-value targets because they support critical services such as digital payments, account management, authentication systems, and mobile banking applications.

Steve Winterfeld, Advisory Chief Information Security Officer at Akamai, said APIs are now central to modern cyberattacks against financial institutions.

“Cybercriminals and hacktivists continue to escalate DDoS from nuisance attacks to a sustained siege encompassing both hacktivism and cybercrime, and financial services are in the crosshairs,” Winterfeld said.

He added that artificial intelligence is accelerating existing cybersecurity threats rather than replacing them.

AI Botnets Driving DDoS Campaigns

The report highlighted how AI-driven infrastructure is helping attackers automate and scale malicious operations more effectively.

Researchers observed a 147% surge in advanced bot activity during late 2025. In one case study referenced by Akamai, nearly 96% of all traffic reaching a targeted website was identified as malicious scraping bot activity.

The company warned that AI-powered botnets are making Financial Services DDoS Attacks more difficult to detect and mitigate because attackers can dynamically adapt attack patterns and traffic behavior.

These botnets are also being used to:

• Overwhelm infrastructure
• Disrupt payment systems
• Target APIs
• Scrape sensitive data
• Launch credential abuse campaigns

Cybersecurity experts have increasingly warned that AI-enabled automation allows threat actors to launch large-scale attacks with fewer technical resources.

Attack Patterns Differ Across Global Regions

Research also identified major regional differences in cyberattack patterns targeting financial institutions.

The report found:

• Europe, the Middle East, and Africa accounted for 62% of Layers 3 and 4 DDoS attacks
• Asia-Pacific experienced 52% of Layer 7 DDoS attacks
• North America recorded the highest volume of web attacks at 44%

Researchers said these differences reflect varying attacker strategies, infrastructure deployment patterns, and regional cybersecurity maturity levels.

The report also revealed that nearly 80% of financial institutions experienced ransomware attacks during the past two years. However, fewer than half of surveyed organizations reported adopting advanced cybersecurity technologies capable of handling modern attack methods.

Growing Pressure on Financial Sector Cybersecurity

The latest findings add to growing concerns around operational resilience within the global financial industry.

As banks and financial institutions continue accelerating digital transformation initiatives, cybersecurity teams are being forced to defend increasingly complex environments that rely heavily on APIs, cloud platforms, automated infrastructure, and third-party integrations.

Research said organizations must improve visibility into APIs, strengthen DDoS mitigation strategies, and modernize threat detection capabilities to address the evolving threat landscape.

The SOTI report also includes guidance on DNS security, DDoS mitigation practices, AI architecture security considerations, and insights from financial sector cybersecurity experts, including contributions from the FS-ISAC.