
Bank Cyberattacks Jump 245% as US, Iran Tensions Boil Over, New Report Warns

Last updated: March 18, 2026
  • Akamai reports a 245% spike in cyberattacks targeting banks and critical businesses since the Iran conflict started.

  • Hacktivists exploit proxy services in Russia and China to launch billions of malicious connection attempts.

  • Banking and fintech sectors absorb 40% of the malicious traffic, with infrastructure scanning dominating attack patterns.

Akamai Reports 245% Surge in Cyberattacks Targeting Banks Amid Iran Conflict

A massive wave of cybercrime has hit businesses worldwide. The numbers tell a concerning story. Akamai’s latest findings reveal attacks have jumped 245% since the Iran war kicked off. Hackers are targeting everything from banks to streaming services.

The CDN provider tracked this surge across multiple attack vectors. Threat actors ramped up credential harvesting attempts. They flooded networks with automated reconnaissance traffic. Critical businesses, especially financial institutions, bore the brunt of these assaults.

Banking Takes the Hardest Hit

Financial services companies faced the most intense attacks. Banking and fintech absorbed 40% of all malicious traffic recorded since February 28. E-commerce platforms came in second at 25%, followed by video gaming companies at 15%.

Technology firms accounted for 10% of the attacks. Media and streaming services saw 7% of the malicious activity. Other industries made up the remaining 3%.

Akamai’s data shows attackers focused heavily on infrastructure scanning and reconnaissance. Botnet-driven discovery traffic jumped 70%. Automated reconnaissance traffic climbed 65%. Scanning of infrastructure and exposed services rose 52%.

Credential harvesting attempts rose 45%. Reconnaissance activity ahead of distributed denial of service attacks increased 38%. These numbers paint a picture of coordinated, systematic targeting.

One unnamed US financial services company blocked 13 million packets from Iran over 90 days. The company experienced a network traffic flood exceeding 2 million packets on February 9. That date fell right before military strikes intensified. Two more spikes hit immediately after the conflict escalated.

While US banks faced Iranian-originated traffic, pro-Russian groups have focused their ire on Israeli targets, launching DDoS attacks that have disrupted financial services and government websites. Hacktivist activity in this conflict is multi-front and globally sourced.

Russia and China Dominate Source Traffic

Here’s where things get interesting. Iran accounted for only 14% of the source IP addresses. Russia led the pack at 35%. China followed closely at 28%.

This doesn’t automatically mean Russian or Chinese threat groups ran these operations. Both countries have a long track record of ignoring cybercrime networks operating within their borders. They only crack down when domestic government agencies or organizations become targets.

Akamai explains the pattern clearly: “Geopolitically motivated hacktivists use proxy services in countries like Russia and China as a source for billions of designed-for-abuse connection attempts.”

Palo Alto Networks’ Unit 42 senior manager Justin Moore spotted this trend early. He told reporters in early March that his threat-intel team tracked a surge in pro-Russian hacktivist activity.

Moore warned this development “effectively expands the Middle East’s attack surface, and potentially exposes regional infrastructure to high-disruption methods historically utilized by these entities against European interests and NATO.”

Some groups maintain direct ties to government intelligence agencies. Handala, an Iranian hacktivist crew, appears to operate as a front for the Ministry of Intelligence and Security.

The group claimed responsibility for a destructive, data-erasing attack on Stryker, an international medical tech firm based in Kalamazoo, Michigan.

How Organizations Can Defend Themselves

Akamai offers practical advice for organizations facing this threat landscape. Companies that don’t conduct business in certain regions should deny all traffic from those areas. This applies especially to financial services, public utility companies, and healthcare organizations.

The company recommends organizations ask themselves a simple question: Does your service genuinely need users from specific regions? If the answer is no, block that traffic entirely.

Akamai suggests using its firewall to implement these restrictions. However, the core advice holds true regardless of which networking and security gear you deploy. Geographic blocking makes sense during times of geopolitical conflict.
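Before turning on a regional deny rule, it helps to measure what it would cut off. The sketch below is an added example, not Akamai's tooling or code from the report: it audits request logs by source country against the regions a service actually serves. The prefix-to-country table, the `SERVED` set and the log lines are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed prefix-to-country table (RFC 5737 documentation ranges).
# A real deployment would use a GeoIP database or the firewall's geo feed.
GEO_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "US"),
    (ipaddress.ip_network("198.51.100.0/24"), "RU"),
    (ipaddress.ip_network("203.0.113.0/24"), "CN"),
]
SERVED = {"US", "CA"}  # assumption: where this hypothetical service has users

# Constructed log lines: "<src_ip> <path> <status>"
SAMPLE_LOG = """\
192.0.2.10 /login 200
192.0.2.11 /accounts 200
198.51.100.7 /login 401
198.51.100.7 /login 401
198.51.100.8 /admin 404
203.0.113.5 /.env 404
203.0.113.5 /login 401
203.0.113.9 /accounts 200
"""

def country_of(ip):
    """Map a source address to a country code, or '??' if unknown."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO_TABLE:
        if addr in net:
            return cc
    return "??"

def audit(log_text, served):
    """Per country: request count, successful count, suggested action."""
    total, ok = Counter(), Counter()
    for line in log_text.splitlines():
        ip, _path, status = line.split()
        cc = country_of(ip)
        total[cc] += 1
        if status.startswith("2"):
            ok[cc] += 1
    report = {}
    for cc, n in total.items():
        if cc in served:
            action = "allow"
        elif ok[cc] or cc == "??":
            action = "review"  # real sessions or unknown origin: check first
        else:
            action = "deny"    # unserved region, nothing but failures
        report[cc] = {"requests": n, "successful": ok[cc], "action": action}
    return report
```

A "review" result marks an unserved region that still produced successful requests, which may be travelling customers or a compromised account and should be examined before the region is blocked.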

The 245% surge in cybercrime shows how quickly threat actors mobilize during global conflicts. They exploit geopolitical tensions to launch coordinated campaigns. Organizations need to stay alert and adapt their defenses accordingly.

With hacktivists leveraging proxy services across multiple countries, attribution becomes increasingly difficult. But the threat remains real. Companies must strengthen their security posture now, not after they become the next victim.


About the Author

Memchick E

Digital Privacy Journalist

Memchick is a digital privacy journalist who investigates how technology and policy impact personal freedom. Her work explores surveillance capitalism, encryption laws, and the real-world consequences of data leaks. She is driven by a mission to demystify digital rights and empower readers with the knowledge to protect their anonymity online.
