CrowdStrike: AI Puts Financial Sector in the Crosshairs
Summary
CrowdStrike's 2026 Financial Services Threat Landscape Report reveals a significant increase in cyberattacks targeting financial institutions, driven by AI-powered social engineering and identity-led intrusions. Globally, hands-on-keyboard intrusions surged 43% over two years, reaching 48% for North American firms. The report highlights a record US$2.02 billion in cryptocurrency stolen by DPRK-linked groups in 2025, a 51% year-on-year increase, with proceeds funding military programs. Notably, Pressure Chollima was tied to the US$1.46 billion Bybit hack, and Famous Chollima uses AI-generated identities for access. AI tools are compressing the time from initial access to financial impact, making attacks faster and harder to detect. Additionally, China-linked espionage and financially motivated eCrime groups like Mutant Spider and Scattered Spider are intensifying their activities, with 423 financial services organizations appearing on leak sites in 2025.
Key takeaway
For security leaders in financial services, the escalating AI-enabled threat landscape demands a proactive shift to AI-driven detection and identity-first controls. You should prioritize continuous identity verification, real-time anomaly monitoring, and robust supply chain risk management to reduce attacker dwell time and counter sophisticated social engineering tactics. Strengthening access controls for SaaS and cloud environments is also critical to mitigate the risk of rapid compromise.
Key insights
AI-fueled social engineering and identity-led intrusions are rapidly escalating cyber threats against financial institutions.
Principles
- AI reduces the cost of adversary operations
- Identity exploitation bypasses traditional defenses
- DPRK crypto theft funds military programs
Method
Adversaries use AI-generated personas, fake recruiters, and synthetic video conferencing to gain trust and initial access, compressing attack timelines.
In practice
- Implement continuous identity verification
- Monitor for real-time anomalous behavior
- Harden SaaS and cloud access
Topics
- Financial Cybercrime
- AI-enabled Cyberattacks
- Identity-led Intrusions
- Cryptocurrency Theft
- DPRK Cyber Threats
Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Security Engineer, Security Engineer, Executive
Editorial summary, takeaway, and curation by AIssential. Original article published by AI Magazine.