Attacks spike sharply

Cyberattacks up 245 percent since the Iran War, Akamai reports

Security provider Akamai has recorded a 245 percent increase in malicious internet traffic. Attackers are primarily operating through proxy infrastructure based in Russia and China.

The armed conflict with Iran is having a significant impact in the digital realm as well. Since late February, Akamai has measured an enormous surge in malicious network activity. The CDN provider puts the increase at 245 percent and describes a broad spectrum of attack patterns, ranging from automated infrastructure reconnaissance to the mass harvesting of login credentials.

Financial sector in the crosshairs

Four out of ten malicious requests targeted banks and fintechs. A quarter were directed at online retail. The gaming industry, technology companies, and media and streaming providers followed close behind.

Akamai highlights the notable rise in preparatory activity. Botnets are increasingly scanning infrastructure, automated tools are probing for exposed services, and attackers are systematically collecting credentials. Preparations for large-scale DDoS attacks have also increased noticeably.

A single case: millions of blocked packets

Akamai details the case of a U.S. financial company that had to fend off 13 million data packets originating from Iran within a 90-day window. A particularly intense wave hit the company as early as February 9, before the military operation had even begun. After the outbreak of the war, additional spikes followed.

Iran itself accounts for only 14 percent of the identified source IP addresses. More than a third originate from Russia, and roughly a quarter from China. Akamai emphasizes, however, that the geographic origin of an IP address reveals little about the actual location of the attackers. Both countries have long been known as locations where cybercriminal infrastructure can operate largely undisturbed, as long as it is not directed at domestic targets.

Hacktivists driven by geopolitical motives have deliberately used these proxy services for billions of abusive connection attempts, according to Akamai.

Regional traffic blocking as a defense strategy

Akamai advises affected organizations to completely block access from regions where they have neither customers nor business partners. This applies especially to financial services, utilities, and healthcare organizations. The provider naturally points to its own firewall solution but acknowledges that this approach is fundamentally sound regardless of the product being used.
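A dry run of such a regional block over existing access logs shows what the rule would cut off before it is enforced. The sketch below is an added example, not Akamai's code or product logic. The country table, allowed-country set, partner range and log lines are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed CIDR-to-country table (RFC 5737 documentation ranges); a real
# deployment would use a GeoIP database or the CDN's country header instead.
GEO = {"192.0.2.0/24": "DE", "198.51.100.0/24": "RU", "203.0.113.0/24": "CN"}
GEO_NETS = [(ipaddress.ip_network(c), cc) for c, cc in GEO.items()]

ALLOWED_COUNTRIES = {"DE"}  # assumption: the only region with customers
PARTNER_NETS = [ipaddress.ip_network("203.0.113.64/28")]  # assumption: partner egress range

# Constructed log sample: (source IP, path, request carried a valid session?)
LOG = [
    ("192.0.2.10", "/login", True),
    ("198.51.100.7", "/login", False),
    ("198.51.100.7", "/login", False),
    ("203.0.113.70", "/api/settle", True),
    ("203.0.113.200", "/admin", False),
    ("198.51.100.99", "/account", True),
]

def country_of(ip):
    """Map an address to a country code, or '??' when the origin is unknown."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO_NETS:
        if addr in net:
            return cc
    return "??"

def would_block(ip):
    """Partner ranges are exempt; everything outside the allowed regions
    (including unknown origins) would be dropped."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in PARTNER_NETS):
        return False
    return country_of(ip) not in ALLOWED_COUNTRIES

def dry_run(log):
    """Return (blocked requests per country, authenticated requests that
    the rule would have cut off and that need review before enforcement)."""
    blocked, review = Counter(), []
    for ip, path, authenticated in log:
        if would_block(ip):
            blocked[country_of(ip)] += 1
            if authenticated:
                review.append((ip, path))
    return blocked, review

if __name__ == "__main__":
    blocked, review = dry_run(LOG)
    print("would block per country:", dict(blocked))
    print("authenticated sessions that would be cut off:", review)
```

Entries in the review list are the cases where IP geography and the actual user diverge, for example a customer travelling or connecting through a VPN.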

Lars Becker, Deputy Editor-in-Chief, IT Verlag GmbH
