DDoS Attacks in Indonesia Surge 62 Percent, Posing Challenge for Cybersecurity Industry
Cybersecurity firm StormWall, a specialist in DDoS protection, has reported that DDoS attacks against organisations in Indonesia increased by 62 percent in the first quarter of 2026 compared to the same period the previous year. StormWall founder and CEO Ramil Khantimirov explained that the company itself mitigated more than 280,000 attacks targeting Indonesian organisations during the first three months of this year, or approximately 3,100 attacks per day. “Around 70 percent of attacks on Indonesian targets were financially motivated, with 41 percent of those accompanied by ransom demands,” Ramil said in a statement on Friday, 19 June 2026. This figure is higher than the global average, which hovers around 30 percent. The findings warrant attention, given that globally, hacktivism-driven attacks were more prevalent than commercially motivated attacks in Q1 2026, partly due to ongoing conflicts in the Middle East. “DDoS attacks in Indonesia also last longer than the global average. Only 62 percent of attacks ended in less than five minutes, whereas globally that figure reached around 78 percent,” he stated. From a technical perspective, the number of multi-vector attacks rose by 47 percent compared to the previous year. Currently, 62 percent of all attacks combine two or more attack vectors, while 26 percent combine three or more vectors. Meanwhile, probing attacks increased by 81 percent, and carpet bombing attacks rose by 76 percent. Among the most frequently targeted sectors, telecommunications ranked first, accounting for 26 percent of all attack traffic. This sector was followed by the entertainment industry (22 percent) and the financial sector (17 percent). It is worth noting that the entertainment industry is a more dominant target in Indonesia than globally. Based on StormWall data, only 9 percent of DDoS attacks worldwide target this sector. “In Indonesia, DDoS attacks are more about money than politics,” Ramil said. He added that one trend observed by his team is the rise of low-and-slow probing activity, a low-intensity, gradual attack where perpetrators deliberately keep traffic volumes below detection thresholds to identify weak points before launching a main assault.