Despite layered defenses against common cyber threats, the digital supply chain in the modern fintech sector remains vulnerable. Cybercriminals are gladly using the opportunity to attack the industry, experts say.
-
Despite layered defenses against common cyber threats, the digital supply chain in the modern fintech sector remains vulnerable.
-
Every fintech company depends on a wide range of external vendors – software developers, cloud platforms, or network providers – which may lack protection.
-
Generative AI tools are growing in sophistication: phishing messages are more convincing, and voice or video impersonation is more accessible than ever.
Indeed, according to Kroll’s 2025 Financial Crime Report, 68% of over 600 surveyed financial executives cited cybersecurity and data breaches as the top risk, while 61% identified AI threats, including deepfakes, as a significant concern.
What’s more, 56% of respondents also cited cybersecurity threats in the supply chain as a critical challenge for the coming year.
Qrator Labs, a Czech cybersecurity company, agrees. According to its experts, the financial industry is under sustained pressure as cybercrooks ramp up DDoS campaigns, threaten the digital supply chain, and employ AI-based attack tools.
This is not even surprising, really. Digital transformation has truly accelerated, and the risks are staying in step, as criminals are always going to target sectors with a lot of money in them.
“Digital financial infrastructure is under constant pressure from ransomware gangs, operators of massive botnets, and hacktivist groups seeking either financial gain or disruption,” said Qrator Labs.
According to Qrator researchers, in the first quarter alone, 54% of all application-layer DDoS attacks targeted fintech services, far outpacing e-commerce and telecom. The sector also ranked second in infrastructure-layer DDoS attacks, accounting for more than 22% of incidents.
Radware’s recent Financial Services in 2025 report found that in 2024, financial institutions experienced a 27% year-over-year increase in cyberattacks.
And even though layered defenses have been built in recent years, they can’t really help when the digital supply chain is exposed. Every fintech company depends on a wide range of external vendors – software developers, cloud platforms, or network providers – many of which lack the same level of protection.
This means that attackers don’t need to breach the institution directly. Compromising a loosely secured service provider can be just as effective.
AI is also playing an increasingly important role. Generative AI tools are growing in sophistication: phishing messages are more convincing, and voice or video impersonation is more accessible than ever.
“Even the most security-conscious financial institutions rely on a wide network of external providers – from marketing platforms and content delivery networks to cybersecurity services and DNS registrars,” said Andrey Leskin, chief technological officer at Qrator Labs.
With generative AI making it trivially easy to craft convincing phishing messages, clone voices, and even fake video calls, vendors indeed become easier targets.
“Cybercriminals know this and are increasingly targeting the digital supply chain, where defenses are often weaker.”
According to Leskin, with generative AI making it trivially easy to craft convincing phishing messages, clone voices, and even fake video calls, vendors indeed become easier targets.
“Compromising one can be just as effective as breaching the bank itself. The question is no longer whether your own perimeter is secure, but whether your partners’ defenses are strong enough to withstand AI-based threats,” said Leskin.
A typical example of what could happen was reported back in January. Several million personal data files, gathered by a Mexican financial company, Miio, were exposed on a popular cloud service provider’s bucket.
Your email address will not be published. Required fields are markedmarked