Are Financial Services Firms Easy Cybercrime Targets?

In the financial world, where money never sleeps, the systems powering global trade are facing an unprecedented barrage of cyber-attacks.
According to the 2025 Finance Sector Landscape Report by Check Point Software, the sector has seen a staggering surge in hostility, with cyber incidents more than doubling from 864 in 2024 to 1,858 in 2025.
The report, authored by researchers Shir Atzil, Mariana Raiser, and Ruty Davidson, highlights a critical reality for financial institutions: their high interconnectivity and low tolerance for downtime have made them the ultimate lucrative target for a new era of cybercrime.
DDoS: The rise of geopolitical disruptions
Distributed Denial of Service (DDoS) attacks increased by 105% in 2025, remaining the most ‘destructive and dominant’ threat to the sector. While financial gain remains a factor, the report identifies a sharp rise in hacktivist activity driven by geopolitical tensions.
Primary targets were countries with high geopolitical tension, with attacks launched against Israel (16.6%), the US (5.9%) and the UAE (5.6%).
Leading actors include the North African group Keymous+, responsible for 121 attacks, and the pro-Russian group NoName057, with 98 attacks.
Short-burst attacks appear to be the preferred method, resulting in dozens of operations in a single day. The approach is designed to overwhelm traditional on-demand scrubbing services.
Ruty Davidson, Cyber Threat Intelligence Analyst for Check Point, notes that AI and deepfake technologies have further enabled these campaigns, forcing institutions to move toward always-on detection and multi-CDN routing.
Stealthy data breaches and identity exploitation
The report found a 73% rise in data breach operations. Unlike the immediate impact of a DDoS attack, these are covert, long-term plays focused on silent data exfiltration.
Regional hotspots include the US, which accounts for 40% of all global incidents, making it the heaviest target. India and Indonesia are also identified as emerging new targets.
33% of attacks were carried out by elusive, unidentified actors using burner accounts and decentralised identities to mask their footprints. The Check Point report describes this as a ‘notable evolution’ that represents a shift ‘toward decentralised identities and burner accounts’.
Threat actors, including organised groups like Breach Laboratory, responsible for 43 incidents in 2025, are aggressively exploiting cloud misconfigurations, unmonitored API endpoints and weak identity governance to fuel extortion campaigns.
A mature ransomware ecosystem
Ransomware has evolved into a sophisticated multi-pronged threat involving encryption, public shaming, and direct pressure on executives. In 2025, 451 cases plagued the sector, centred largely in regions with high-value digital banking infrastructure.
Ransomware as a cyber threat includes methods such as data encryption, exfiltration, direct pressure on consumers and public shaming. These methods target data in addition to providing a reason for consumers to lose trust in organisations.
The US also takes the lead here, accounting for 43.5% of total ransomware incidents with 196 attacks. Following closely are the UK and Canada, both hubs of large digital banking infrastructure.
Ransomware-as-a-Service (RaaS) groups thrive by exploiting VPN vulnerabilities and third-party service providers through highly modular malware and organised affiliate networks.
The findings suggest that traditional perimeter security is no longer sufficient.
To safeguard the financial ecosystem against AI-powered threats and short-lived infrastructure, the report calls for a shift toward identity-centric security models, automated cloud scanning, and layered defences that integrate visibility and governance across the entire institutional network.


