Qilin and Keymous+: Check Point: Which Cyber Risks Rule the Financial Sector?

Cyberattacks on Financial Sector Double in 2025, Driven by AI-Powered Threats and Hacktivism

The financial sector faced an unprecedented surge in cyberattacks in 2025, with incidents more than doubling, rising from 864 in 2024 to 1,858, according to Check Point Software’s 2025 Finance Sector Landscape Report. The escalation reflects a shift toward more sophisticated, AI-driven tactics, geopolitical hacktivism, and the exploitation of persistent vulnerabilities in cloud security, identity governance, and third-party ecosystems.

Key Threats and Trends
Ransomware, DDoS attacks, and data breaches dominated the threat landscape, with ransomware incidents alone reaching 451 cases, nearly half of them (43.5%) targeting U.S. institutions. The ransomware-as-a-service (RaaS) ecosystem has matured, enabling even moderately skilled actors to launch large-scale campaigns. Leading groups included Qilin (83 attacks), Akira (37), and Clop (19), which leveraged stolen credentials, VPN vulnerabilities, and third-party service providers to infiltrate networks.

DDoS attacks saw a 105% increase, evolving from one-time disruptions to short-burst, high-frequency strikes designed to overwhelm mitigation systems. Hacktivist groups played a major role, with Keymous+ (121 attacks) and NoName057 (98 attacks) linked to North African and pro-Russian motivations respectively, targeting financial platforms in regions of high geopolitical tension. Israel (16.6%), the U.S. (5.9%), and the UAE (5.6%) were the most affected, though not all attacks were financially motivated; many served broader ideological or state-aligned objectives.

Exploitation of Weaknesses
Threat actors capitalized on misconfigurations such as open storage buckets, permissive access controls, and unmonitored APIs to gain initial access. Organized groups like Breach Laboratory exploited these gaps, alongside leaked credentials and dark web marketplaces, to fuel extortion campaigns. Advanced persistent threats (APTs) also surged, with attackers maintaining long-term, covert access to exfiltrate data before disclosure.

The U.S. remained the most targeted country (40% of global incidents), followed by India, Indonesia, South Korea, the UK, and Canada, all regions with expansive digital banking infrastructure. The report highlights the growing use of AI and deepfake technologies to enhance phishing, impersonation, and social engineering attacks, introducing new risks for financial institutions.

Evolving Attacker Tactics
Elusive threat actors, responsible for 33% of attacks, demonstrated improved operational security, using short-lived infrastructure, decentralized identities, and burner accounts to evade detection. The rise of stealthy data breach operations, characterized by delayed disclosure, further complicates defense efforts. Check Point’s researchers emphasize the need for always-on detection, multi-CDN routing, and layered defenses to counter these adaptive threats.

The report underscores the financial sector’s vulnerability due to its zero tolerance for downtime, interconnected systems, and high-value data, which together make it a prime target for both criminal and state-aligned actors. As attacks grow in scale and sophistication, traditional security measures are proving insufficient against the evolving threat landscape.

Source: https://cybermagazine.com/news/check-point-financial-sector-cyber-risks

NETSCOUT cybersecurity rating report: https://www.rankiteo.com/company/netscout

QILIN cybersecurity rating report: https://www.rankiteo.com/company/qilin

"id": "NETQIL1770303663",
"linkid": "netscout, qilin",
"type": "Ransomware",
"date": "1/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'financial sector',
                        'location': ['U.S.',
                                     'India',
                                     'Indonesia',
                                     'South Korea',
                                     'UK',
                                     'Canada',
                                     'Israel',
                                     'UAE'],
                        'type': 'financial institutions'}],
 'attack_vector': ['stolen credentials',
                   'VPN vulnerabilities',
                   'third-party service providers',
                   'misconfigurations',
                   'open storage buckets',
                   'permissive access controls',
                   'unmonitored APIs',
                   'phishing',
                   'social engineering',
                   'deepfake technologies'],
 'data_breach': {'data_encryption': True,
                 'data_exfiltration': True,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'high',
                 'type_of_data_compromised': ['personally identifiable '
                                              'information',
                                              'payment information']},
 'date_detected': '2025',
 'date_publicly_disclosed': '2025',
 'description': 'The financial sector faced an unprecedented surge in '
                'cyberattacks in 2025, with incidents more than doubling from '
                '864 in 2024 to 1,858. The escalation reflects a shift toward '
                'more sophisticated, AI-driven tactics, geopolitical '
                'hacktivism, and the exploitation of persistent '
                'vulnerabilities in cloud security, identity governance, and '
                'third-party ecosystems.',
 'impact': {'brand_reputation_impact': True,
            'data_compromised': True,
            'downtime': True,
            'identity_theft_risk': True,
            'operational_impact': 'significant disruption due to '
                                  'zero-tolerance for downtime',
            'payment_information_risk': True,
            'systems_affected': ['financial platforms',
                                 'digital banking infrastructure']},
 'initial_access_broker': {'data_sold_on_dark_web': True,
                           'entry_point': ['stolen credentials',
                                           'VPN vulnerabilities',
                                           'third-party service providers']},
 'lessons_learned': 'Traditional security measures are proving insufficient '
                    'against the evolving threat landscape. The financial '
                    "sector's vulnerability is exacerbated by its "
                    'zero-tolerance for downtime, interconnected systems, and '
                    'high-value data.',
 'motivation': ['financial gain',
                'geopolitical hacktivism',
                'ideological objectives',
                'state-aligned objectives'],
 'post_incident_analysis': {'corrective_actions': ['always-on detection',
                                                   'multi-CDN routing',
                                                   'layered defenses',
                                                   'addressing cloud security '
                                                   'and identity governance '
                                                   'gaps'],
                            'root_causes': ['misconfigurations',
                                            'leaked credentials',
                                            'dark web marketplaces',
                                            'AI-driven phishing/social '
                                            'engineering',
                                            'geopolitical hacktivism']},
 'ransomware': {'data_encryption': True,
                'data_exfiltration': True,
                'ransomware_strain': ['Qilin', 'Akira', 'Clop']},
 'recommendations': 'Implement always-on detection, multi-CDN routing, layered '
                    'defenses, and address misconfigurations in cloud '
                    'security, identity governance, and third-party '
                    'ecosystems.',
 'references': [{'date_accessed': '2025',
                 'source': 'Check Point Software’s *2025 Finance Sector '
                           'Landscape Report*'}],
 'response': {'enhanced_monitoring': 'always-on detection, multi-CDN routing, '
                                     'and layered defenses'},
 'threat_actor': ['Qilin',
                  'Akira',
                  'Clop',
                  'Keymous+',
                  'NoName057',
                  'Breach Laboratory',
                  'elusive threat actors'],
 'title': 'Surge in Cyberattacks on Financial Sector in 2025',
 'type': ['ransomware', 'DDoS', 'data breach'],
 'vulnerability_exploited': ['cloud security weaknesses',
                             'identity governance gaps',
                             'third-party ecosystem vulnerabilities']}