Financial Services Under Siege: Understanding Hacktivism’s Impact
- Shira Sagiv, Vice President of Product Portfolio at Radware
- 29.08.2025 11:30 am #CyberSecurity #FinancialServices
Faced with waves of alarmingly sophisticated, AI-driven cyberattacks, financial services companies are contending with an increasingly volatile threat landscape. The underlying statistics are sobering. According to recent threat intelligence research from Radware, financial services bore 44% of the total layer 7 DNS attack activity during 2024. At the same time, the sector faced 30% of DDoS attack volume. It also experienced the steepest growth in DDoS attack volume per organization, increasing 393% year-over-year and growing faster than the global average of 120%.
So, what’s driving this escalation in the threat landscape? Hacktivism continues to be a leading driver of cyberattacks propelled by a combination of factors, including strongly held political and religious ideologies, easy access to bigger and better tools, a growing community of bad actors, and the influence of AI. A deeper understanding of these factors can help financial services organizations better anticipate potential threats and improve their security posture.
Unmasking Modern Threats
Shifting hacker motivations are among the key forces influencing the threat landscape today.
Attacks today are primarily driven by:
Political ideologies: For example, hacktivist organizations such as NoName, Killnet, Anonymous Russia and Passion Group have increased their activity in the wake of the Russia-Ukraine War. These very active pro-Russian groups target specific countries and organizations that have adopted or expressed pro-Ukrainian positions. High-profile events such as the Eurovision contest, the Olympic Games, or U.S. elections, are also no strangers to politically motivated cyber activity.
Religious beliefs: Religious beliefs can run as deep as political ones. Take, for example, pro-Islamist hacktivists such as Anonymous Sudan, Mysterious Team Bangladesh and Dragon Force Malaysia. These and other pro-Palestinian groups have built reputations for engaging in harmful and disruptive activities against those who they believe have insulted the Muslim religion or have taken a pro-Israel stance.
Financial incentives: Financial gain is another major driver influencing the threat landscape. Well-funded, well-organized “for hire” mercenaries use social media networks to sell hacking tools and services for account takeovers. Major banks in France, the U.S., and Italy have been targeted for reasons as varied as aid to Ukraine, support for Israel, and agriculture protests. These groups boldly brand their tools and claim responsibility for attacks.
These Aren’t Your Father’s Hacking Tools
Hacktivists’ changing attack methods also continue to contribute to escalations in the threat
landscape. New attacks go beyond just increasing in size and speed. They’re more
automated and more sophisticated than ever before, often using multiple randomization techniques to avoid traditional defenses.
To elevate their attacks, cybercriminals are making use of a new generation of bundled, multi-layered, multi-vector tools. These tools have emerged to create a “one-stop shop” that combines dozens of attack methods into a single platform—tools that are just a few clicks away on GitHub. For instance, MHDDoS—one of the most well-known DDoS attack tools—provides hackers with 56 different methods that go far beyond DDoS vectors (e.g., HTTP/S, GET, and POST floods). It includes bot attack vectors, web-application attacks and other techniques to elude common defenses such as Cloudflare and Google Shield.
A Stronger Hacking Community
The third factor driving the sharp increase in cyber attacks can be attributed to the sheer number of attackers, which continues to climb. One of the feeders for this growth resides among gamers. Four out of five attackers involved in DDoS attacks and account takeovers come from the gaming community, which has grown by 700 million new players in the past four years. They have shown, it’s a small step from gaming to hacking.
At the same time that hacker groups are growing stronger in numbers, they are expanding their influence and strengthening their partnerships. To scale their attacks, they are using social networks as virtual billboards to promote their nefarious services and tools and form campaign-specific alliances. For instance, Killnet, NoName, and Anonymous Sudan all joined forces in a pro-Russia campaign against Western financial services firms to prevent aid funding to Ukraine, proclaiming “No money, no weapons, no Kyiv regime.”
Hackers Apply AI
The fourth factor impacting the evolution in the threat landscape is the use of AI for cybercrime. Attackers today leverage AI in a number of ways.
They use it to automate and create more sophisticated phishing campaigns that are hard to detect. FraudGTP, as an example, is basically an AI bot, exclusively targeted for offensive purposes, such as crafting spear phishing emails, creating cracking tools, carding, etc. The tool is being sold on various Dark Web marketplaces and the Telegram platform and gives the attackers everything they need to create business email compromise (BEC) phishing campaigns on organizations.
Attackers also use AI tools to create more disruptive attacks that overcome defenses. A great example of this is the new AI-based CAPTHCA solving tools. For instance, on May 18, 2024, Stressor.Cat, a well-known DDoS tool, published a recording demonstrating its new CAPTCHA-solving capabilities.
In addition, there is an increase in the use of OTP (One Time Password) AI bots to overcome two-factor authentication (2FA) that many people use on their bank accounts. The goal is to leverage these automated bots, impersonate the bank and trick the victim to share their 2FA code. These AI-based bots represent a sophisticated evolution in social engineering attacks, automating the process and making these attacks more scalable and more challenging to detect.
What’s Needed to Stay Protected
Collectively, these trends mean that financial institutions can expect an even greater number of sophisticated attacks that are automated, heterogeneous, distributed, and randomized, making them even harder to detect and mitigate. To effectively defend against them, financial institutions today need:
AI-powered security: Old solutions won’t solve new problems. The only way to feasibly respond to AI-based threats is to use these same technologies to defend data and resources. Intelligent security that's powered by AI-based algorithms can fight these threats and strengthen protection.
An integrated security stack: To combat all-in-one attack tools, financial services companies should look for an integrated platform that combines several attack methods without targeting just DDoS protection, WAF or any one type of security. They need an integrated platform that correlates across a wide area of threats.
Environment consistency: To protect across all environments—public cloud, hybrid, private cloud, or on-premises—modern security solutions should take a consistent approach to all entry points into an application.
Expert defense: Few organizations have the on-staff security experts to address complex threats and sophisticated attack campaigns. Financial services organizations should partner with a vendor that has 24X7 response services to help prevent or mitigate incidents when they arise.
For financial services companies to navigate this increasingly perilous digital landscape, it is imperative to stay ahead of the curve by continuously evolving their security strategies. With proactive measures and a commitment to robust cybersecurity practices, they can fortify their defenses and safeguard not only their critical assets but also customer trust.
