Hacker mindset: Why are DDoS attacks against the finance sector escalating?

In the past, distributed denial-of-service (DDoS) attacks were sometimes dismissed as digital graffiti; noisy, disruptive, but ultimately manageable. That’s no longer the case. According to From Nuisance to Strategic Threat, a report by the FS-ISAC and Akamai Technologies in June 2025, today’s DDoS campaigns are smarter, more persistent, and disturbingly effective – especially when aimed at financial services.

So, why is the financial sector being targeted more than ever? And what does this tell us about the hackers behind these attacks?

A new breed of DDoS 

DDoS attacks have evolved. We’re no longer dealing with just traffic floods. Attackers are blending volumetric and application-layer tactics, conducting precise reconnaissance, and launching multi-vector assaults that exploit both infrastructure and business logic.

The FS-ISAC report reveals a 58% increase in application-layer DDoS attacks on APIs in the financial sector from 2023 to 2024 – while web application DDoS attacks rose by 19%. These systems are critical, complex, and often under-defended; making them increasingly attractive to sophisticated threat actors. APIs control payment gateways, login forms, and customer portals – disrupt them, and you disrupt the entire business.

Volumetric attacks are growing too, and the financial sector was the top global target in both 2023 and 2024. October 2024 saw a major spike, with overlapping attack vectors suggesting shared tools or collaboration between attackers.

Hackers are thinking strategically 

These aren’t lone wolves pressing buttons in a basement. They’re well-organised, well-resourced actors employing probing, adaptive tactics to bypass automated defences. In 2024, FS-ISAC members observed highly systematic campaigns: low-volume test attacks to identify weak points, followed by sustained, targeted strikes across multiple institutions.

Some of the groups behind these attacks (such as BlackMeta, NoName057(16), and RipperSec) are ideologically motivated hacktivists. Others are leveraging DDoS-for-hire services like InfraShutdown, making powerful attacks accessible to even moderately skilled actors.

And geopolitics is also fuelling the fire. The escalation of conflicts around the world has led to waves of ideologically-driven attacks. For example, a coordinated campaign in October 2024 targeted over 20 financial institutions across six countries in the Asia-Pacific region.

It’s all about disruption and visibility 

What does this escalation say about the hacker mindset? Put simply, it’s about maximum disruption with minimal risk. DDoS attacks remain attractive because they’re anonymous, affordable, and can have an outsized impact on trust and reputation. 

You don’t need to breach a network to make headlines – you just need to knock a bank’s website offline.

For hackers, this means leverage. DDoS can be a smokescreen for more serious intrusions, or a way to coerce targets into paying ransom. 

What can the cybersecurity sector do? 

Defending against this level of sophistication takes a coordinated, collaborative, and highly strategic approach to security. FS-ISAC’s DDoS Maturity Model outlines how organisations can assess and strengthen their defences – from initial awareness all the way to adaptive, real-time mitigation.

But it’s also about mindset. Abeer Khedr (CISO at the National Bank of Egypt) captured this when we asked her about the threats that concerned her most last year;

“Threats from malware: ransomware continue into the new year, as well as deepfakes and – interestingly enough – all types of misinformation/disinformation. This has an impact on an expected rise in fraud targeting our customers; again, to which we need to direct and intensify awareness efforts.”

And she pointed out a critical gap: 

“According to the World Economic Forum outlook report, inequity between cyber resilient organisations and smaller less resilient ones will continue to increase. This is a cause of concern because the less resilient companies could be our suppliers, our customers; it’s one ecosystem.”

DDoS attacks undermine trust and target the heart of the digital economy 

Today’s DDoS attackers aren’t just trying to crash systems. They’re probing for weak links, undermining trust, and targeting the lifeblood of the digital economy. The financial sector – with its deep dependencies and high stakes – is an irresistible target.

What we’re seeing is a shift in both capability and intent. And if defenders don’t adapt their mindset to match that of their adversaries, the financial sector risks moving from disruption to destabilisation.

As Khedr wisely noted, the goal isn’t just survival – it’s resilience:

“The best thing is the satisfaction you feel when your work is causing tangible improvements in the security posture of your organisation – resulting in enhanced resilience and increased customer trust.”