Destructive Attacks on Financial Institutions Surge 13%: The 2025 Cybersecurity Report

Anatomy of Destructive Attacks

Wiper Malware

Designed to permanently destroy data by overwriting storage. No recovery path except restoring from offline backups.

Supply Chain Attacks

Destructive attacks increasingly exploit vendor access and software updates to reach financial targets.

Infrastructure Targeting

Payment networks, settlement systems, and market infrastructure targeted with increasing frequency.

Threat Actors

Nation-states (Iran, Russia, North Korea), hacktivists, and sophisticated criminal groups drive the surge.

For DORA Art. 24, testing must include destructive scenarios — verifying offline backups exist, are current, and can rebuild critical systems.

The Numbers Behind the Threat

On February 5, 2025, Infosecurity Magazine reported that destructive cyberattacks against financial institutions surged 13% in 2025. "Destructive" means attacks designed to destroy data, disable systems, and disrupt operations — not data theft or ransomware.

The 13% increase was driven by growing nation-state capabilities, proliferation of wiper toolkits, expanding attack surface from cloud migration, and escalating geopolitical tensions.

For DORA, this provides empirical foundation: the regulation responds to a real, growing, and accelerating threat. Recovery from destructive attacks is fundamentally different — no data to decrypt, no negotiation possible. The only defense is pre-positioned resilience: offline backups, tested recovery, and rebuild capability.

DORA Against Destructive Threats

Art. 9 — Protection

Immutable offline backups, network segmentation, application whitelisting, and wiper-aware EDR.

Art. 11 — Recovery from Destruction

Business continuity must plan for total destruction requiring full rebuild from offline backups. RTOs must account for rebuild complexity.

Art. 24-27 — Testing Destructive Scenarios

TLPT should simulate wiper deployment verifying detection, isolation, and restoration capabilities.

Art. 45-49 — Intelligence on Destructive Threats

Early warning of wiper campaigns through Pillar V sharing enables sector-wide defense.

The Statistical Case for DORA

The 13% surge demonstrates DORA is necessary (threat is real and targeting finance), proportionate (requirements match a double-digit growth threat), and urgent (every year of delay increases probability of catastrophic incident).

Recommendations

• Prioritize destructive attack resilience in DORA programmes
• Implement and test verified offline backup capabilities
• Invest in detection for pre-deployment indicators
• Share threat intelligence actively via DORA Pillar V