cybersecurity risks — Cyprus-based fintech firms are increasingly exposed to cybersecurity risks, particularly Distributed Denial of Service (DDoS) attacks, as revealed in a recent report by Qrator Labs. This analysis highlights the alarming trend of rising attacks on digital businesses, with fintech, e-commerce, IT, and media identified as the most targeted sectors globally in 2025.
Cybersecurity risks: Alarming Statistics on DDoS Attacks
The annual report indicates that nearly three-quarters of all DDoS attacks in 2025 were concentrated within four digitally reliant industries. Fintech was particularly hard hit, accounting for 26.6 per cent of total attacks, followed closely by e-commerce at 21.3 per cent, information and communication technology at 13.4 per cent, and media at 11.6 per cent. Collectively, these sectors represented approximately 75 per cent of all recorded DDoS incidents that Qrator Labs mitigated throughout the year.
Insights from Qrator Labs
The findings stem from telemetry data collected by Qrator Labs’ traffic filtering infrastructure during real-world DDoS attacks. For Cyprus, which is home to a burgeoning ecosystem of fintech companies engaged in electronic payments, digital currencies, tokens, and related technologies, the report underscores the pressing need for enhanced cybersecurity measures.
Criminal Exploitation of Fintech Vulnerabilities
According to Qrator Labs’ CTO Andrey Leskin, criminal groups are keenly observing new payment methods and their vulnerabilities. “These new and not yet fully tested payment methods can be exploited for illicit purposes, including money laundering, payment obfuscation, theft, extortion, and fraud,” he explained in an interview with the Cyprus Mail.
Leskin further elaborated that DDoS attacks are often used as a form of blackmail. “They often use DDoS attacks as a means of blackmail in exchange for stopping the attack,” he said, highlighting the interplay between cybercrime and fintech.
Combining DDoS Attacks with Fraud Schemes
Malicious actors are increasingly employing tactics that combine DDoS attacks with fraud schemes to mislead customers. “Attackers can send a phishing email to customers of a fintech company, linking to a fake website masquerading as the official site,” Leskin noted. “Simultaneously, they launch a DDoS attack against the real company website, rendering it temporarily unavailable.” This dual approach capitalises on the confusion of users, who may inadvertently share their personal and financial data on fraudulent sites.
The Scale of the Threat: A Record-Breaking Botnet
The report also sheds light on the emergence of the largest DDoS botnet ever documented, illustrating the scale of the threat posed to businesses. Over the course of 2025, this botnet expanded from 1.33 million to 5.76 million compromised devices, with the highest concentrations found in Brazil, Vietnam, the United States, India, and Argentina. Qrator Labs suggests that this rapid growth of attack infrastructure across multiple regions exacerbates global systemic risk.
Automated Abuse and Its Impact on E-commerce
Beyond DDoS attacks, there has been a significant rise in other forms of automated abuse. The report found that bad bot activity surged by 30 per cent year on year, with e-commerce remaining the most targeted sector, accounting for 41.1 per cent of all recorded bad bot activity during 2025. This trend poses a substantial threat to online retailers and their customers.
Operational Challenges for Businesses
Leskin highlighted the evolving threat landscape, which presents new operational dilemmas for businesses. “If we restrict access for malicious bots using tools like CAPTCHAs, we also end up blocking legitimate bots that collect information for AI-powered browsers and search tools,” he explained. This creates a challenging environment where companies must balance security with user experience.
The Need for Improved Connectivity
Concerns specific to Cyprus’ digital resilience were also raised in the report. Leskin pointed out that the island’s external internet connectivity remains limited and vulnerable to disruptions, particularly from underwater cable issues. “Large-scale DDoS attacks or bot activity targeting individual companies could trigger partial or even complete connectivity disruptions for other businesses operating in Cyprus,” he warned.
To mitigate these risks, companies need to organise DDoS protection both locally and through mitigation points in other countries. Leskin also emphasised the necessity of support from local internet service providers to enhance connectivity with neighbouring countries such as Greece, Israel, and Egypt.
The Path Forward in Cybersecurity
Qrator Labs, a Czech cybersecurity firm with a presence in Limassol, underscores the urgency for fintech firms in Cyprus to bolster their cybersecurity measures. As the landscape of threats evolves, the challenge for 2026 will not only be distinguishing between human and bot traffic but also identifying malicious automated activities amid legitimate robotic traffic. The stakes are high, and the need for robust cybersecurity strategies has never been more critical for the fintech sector in Cyprus.
