How much has malicious internet traffic increased since the Iran war began?

Akamai Technologies recorded a 245% increase in malicious internet traffic targeting businesses in North America, Europe, and Asia-Pacific since 28 February 2026, the day the US and Israel struck Iran.

Which countries are most responsible for the cyber traffic surge?

By source IP geography, Russia accounts for 35% of the surge, China 28%, and Iran 14%, according to Akamai data published in March 2026. Researchers note that source IP does not necessarily equal attacker nationality, as both Russia and China host large criminal infrastructure markets.

What industries are being targeted most heavily?

Palo Alto Networks' Unit 42 documented increased reconnaissance activity against energy, logistics, and financial services sectors within 48 hours of the February 28 Iran strikes. Payment processors have seen hundreds of millions of malicious packets blocked per month.

What should businesses do to protect themselves right now?

Unit 42 and ASIS International recommend patching internet-facing systems immediately rather than on quarterly cycles, enabling multi-factor authentication on all remote-access services, and reviewing cloud storage access controls. Smaller supplier networks are considered the most exposed weak point in enterprise security chains.

Iran War Triggers 245% Cyber Traffic Surge

Global malicious internet traffic has surged 245% since the Iran war began February 28, with Russia and China source IPs leading the threat, per Akamai data tracking the conflict's digital front.

Since 28 February 2026 — the day the United States and Israel struck Iran — Akamai Technologies has recorded a 245 percent increase in malicious internet traffic targeting businesses and institutions across North America, Europe, and parts of Asia-Pacific. That figure, drawn from Akamai's global edge network monitoring data, is not primarily an Iran story. It is a Russia and China story, which makes it considerably more complicated.

Of the source IPs behind the surge, Russia accounts for 35 percent and China 28 percent, according to Akamai's analysis published in March 2026. Iran contributes 14 percent. Researchers at Akamai and Palo Alto Networks' Unit 42 group have been careful to note that source IP geography does not equal attacker nationality — both Russia and China host large underground cybercrime service markets that sell attack infrastructure to clients regardless of origin. What the data shows is that criminal and state-aligned threat actors have been systematically exploiting the distraction created by a major geopolitical crisis to intensify opportunistic and targeted attacks.

cybersecurity 2026 · Iran war cyber · malicious traffic

The scale at the enterprise level is striking. A critical payment processing platform in Asia-Pacific blocked more than 11 million malicious packets originating from Russian-origin IPs in a single day during March 2026, according to the Akamai report. A major European payment processor blocked nearly 978 million packets from Russian-origin IPs over a 90-day window. These are not headline-grabbing nation-state intrusions into defence contractors; they are sustained, volumetric attacks against financial infrastructure that processes daily commerce.

Continue reading to see the full article

Iran War Triggers 245% Cyber Traffic Surge

Key Takeaways

Frequently Asked Questions

Iran War Triggers 245% Cyber Traffic Surge

Key Takeaways

Frequently Asked Questions

More in Tech & AI