AI Botnets Drive Surge in Financial Sector DDoS Attacks
Data Breach Today
Akamai Links Attack Growth to AI-Enabled Botnets and Hacktivists

Akamai says AI-enabled botnets, geopolitical hacktivism and financially motivated cybercriminals drove a massive rise in DDoS, API and web attacks against global financial services firms in 2025, with banks suffering the majority of incidents.
Tiffany Wang • May 20, 2026
Artificial intelligence-powered bots and hacktivists bombarded financial services with denial-of-service attacks at record volume and duration in 2025.
Network and transport layer DDoS attacks on financial services lasted 738% longer, and the number of these attacks reached 2.41 billion, far more than in any other industry, finds content delivery network and cloud provider Akamai in a report published Wednesday.
Attackers also went after APIs and the domain name system. Virtually every financial services firm experienced an API incident in the past year, according to an Akamai survey.
"TurboMirai is one of the main factors that drove these new peak heights," Akamai's Advisory CISO Steve Winterfeld told ISMG, describing a new class of botnets like Aisuru that are capable of multi-terabit-per-second DDoS attacks (see: Aisuru, KimWolf Botnets Disrupted in International Operation).
Advanced bot activities surged by almost 150% in late 2025, says the report. Threat actors mimicked legitimate browser behaviors and hid attack traffic more adeptly with the help of AI.
"Now we're seeing a lot of those things done through AI - the reconnaissance, the agility in how you attack, the actions after you get in - it's increased the speed and complexity of the attacks," Winterfeld said.
"It's not that I didn't expect it. It's just the speed it's moving is surprising," he said.
Report data came from traffic Akamai observed through its own web application firewall and cloud-based DDoS protection service. It finds that within financial services, banking was hit the hardest, accounting for 60% of total web attacks and over 80% of API-related incidents. These types of attacks disrupt account payments and third-party access to financial data and payment initiation.
Malicious traffic detected in Europe and the Middle East tended to originate from Iran and Russia, while several large-scale attacks in Asia coincided with military drills in the Taiwan Strait and naval standoffs in the South China Sea.
Since the onset of the U.S. and Israeli-instigated war in Iran, there has been a 245% spike in attacks on businesses in North America, Europe and parts of Asia-Pacific, Akamai states in a blog post on geopolitical threats. The Financial Industry Regulatory Authority has also warned that Iranian threat actors might be targeting U.S. banks.
"The United States can impose sanctions against somebody like Russia for the Ukraine war. [Russia] can't do economic sanctions against us, but they can go tell some cyber criminals, 'Hey, since you live in our country and we don't arrest you for attacking America, we would love it if you would attack European banks. If it makes the news that people lose confidence in the banks and access to money, then that would have a political impact," Winterfeld explained.