According to Akamai, cybercrime has increased by 245% since the start of the Iran conflict. The surge includes credential harvesting attempts, automated reconnaissance, and attacks targeting banks and other critical sectors.
Banking and fintech have been the most affected, accounting for 40% of malicious traffic since February 28. This is followed by e-commerce at 25%, video games at 15%, technology firms at 10%, media and streaming services at 7%, and other sectors at 3%.
A large portion of the activity involves infrastructure scanning and reconnaissance. Botnet-driven discovery traffic has increased by 70%, while automated reconnaissance is up by 65%. There has also been a rise in scanning of exposed systems (52%), credential harvesting attempts (45%), and reconnaissance linked to distributed denial-of-service attacks (38%).
In one case, a US-based financial services company blocked 13 million packets originating from Iran over the last 90 days. A major spike of over 2 million packets was recorded on February 9, just before military strikes, followed by additional surges after the conflict began.
However, only 14% of the malicious traffic originated from Iran. Russia accounted for 35% of source IPs, while China contributed 28%. Experts note that this does not necessarily mean attackers are based in these countries, as proxy services are often used to mask origins.
As noted, “geopolitically motivated hacktivists are using proxy services in countries like Russia and China as a source for billions of designed-for-abuse connection attempts.”
Security researchers have also observed a rise in pro-Russian hacktivist activity. This trend is said to be expanding the Middle East’s attack surface and exposing regional infrastructure to disruptive cyber tactics previously used against NATO and European targets.
Some groups are believed to have links to state intelligence agencies. One such group, Handala, reportedly claimed responsibility for a data-wiping attack on Stryker, a global medical technology company.
Akamai has advised organisations to block traffic from regions where they do not operate, especially during periods of geopolitical tension, to reduce exposure to cyber threats.



