There has been a continued increase in distributed denial of service (DDoS) attacks across southern Africa, marking the region as a growing hotspot for cyberthreats, according to Netscout’s DDoS Threat Intelligence Report for the first half of the year.

This trend is consistent with the worldwide rise in DDoS activity: application-layer attacks increased by 43% and volumetric attacks by 30% globally in the first six months of 2024.

The report highlights how both global and regional adversaries, including hacktivists, are increasingly focusing their attacks on critical sectors like finance, government, and utilities.

DDoS attacks in Southern Africa mirror global trends, with organisations from sectors including financial services, telecommunications and IT facing sophisticated, multi-vector attacks that pose significant operational risks as cybercriminals increasingly use advanced technologies such as bot-infected devices and distributed command-and-control (C2) infrastructures.

“Southern Africa is increasingly in the crosshairs of coordinated, large-scale DDoS attacks that disrupt vital services and threaten to undermine economic growth,” says Bryan Hamman, regional director for Africa at Netscout. “Businesses and governments alike need to take urgent action to defend against these threats.”

 

South Africa: One of the top 5 most targeted countries in EMEA

As the economic hub of the region, South Africa continues to bear the brunt of cyberattacks and ranks among the top five most targeted countries in the Europe, Middle East and Africa (EMEA) region for the first half of the year, along with Germany, France, Poland, and Saudi Arabia, says the Netscout report. The country experienced 230 416 attacks over the first half of the year – with a single attack incorporating 28 different attack vectors.

The country’s telecommunications industry, both wireless and wired, has been targeted with 54 455 and 1 147 attacks respectively within the first six months of the year. Computer-related services organisations experienced more than 47 000 attacks over the period with insurance agencies and brokerages (10 720 attacks) and beauty salons (5 397 attacks) also noted as being within the top five most attacked sectors.

 

Namibia: Cross-sector attacks

While South Africa led in attack volume, Namibia recorded notably fewer DDoS attacks, 76 337 in total, but these were highly sophisticated multi-vector attacks, pointing to varying threat strategies across the region. Attackers utilised up to 16 vectors, including DNS and CLDAP amplification, with the largest attack reaching 9.08 Gbps in bandwidth. The most common attack vector was DNS amplification, responsible for 55 526 attacks. The most targeted industries were full-service restaurants, other computer-related services, and wired telecommunications.

 

Angola: High-intensity DDoS threats with multi-vector complexity

Angola suffered the third highest number of DDoS attacks within Southern Africa with 14 281 in the first half of this year. The largest attack reached 36.79 Gbps and attackers used up to 19 vectors including DNS and CLDAP amplification.

“The data processing and hosting sector was hit hardest with over 2 700 attacks and the average attack lasted 161 minutes, showing the persistence and scale of threats,” says Hamman. “The highest peak bandwidth observed was 96 Gbps in March – with a peak throughput of 40 Mpps recorded in June.”

 

Mozambique: A new frontier for DDoS threats

Mozambique’s DDoS landscape in 1H 2024 saw 3 145 attacks with the largest attack reaching 6.06 Gbps in bandwidth. Sectors under fire were wireless telecommunications, which experienced 1 902 attacks, followed by other computer-related services and engineering services. Attack vectors commonly used include CLDAP and DNS amplification with one notable attack employing 12 different vectors. The average duration of incidents was around 13 minutes with the highest impact seen in bandwidth and throughput.

 

Zambia: Increasing attacks on critical infrastructure

In 1H 2024, Zambia faced 428 DDoS attacks with the largest reaching 39.21 Gbps in bandwidth. Attackers employed up to 11 vectors in a single attack including DNS amplification, ICMP and TCP SYN/ACK. The most targeted sector was wireless telecommunications, though satellite communications also saw disruptions. The average attack lasted just under 14 minutes with a peak throughput of 4 Mpps recorded in January.

 

Eswatini: Small country, significant threats

Eswatini, while smaller in terms of its physical size, is not immune to the surge in DDoS attacks. In 1H 2024, the country experienced 209 DDoS attacks with the largest attack reaching 1.84 Gbps in bandwidth and 0.49 Mpps in throughput. Attackers employed up to seven vectors including DNS amplification, TCP SYN and UDP. The average duration of attacks was just over nine minutes. The most affected sector was other computer-related services which saw five significant attacks. The peak bandwidth recorded was 4 Gbps on April 1, 2024.

“Even smaller nations like Eswatini are being touched by the global rise in DDoS activity,” says Hamman. “Their critical infrastructure is under siege making it imperative for these countries to strengthen their cybersecurity defences.”

 

Zimbabwe: Extended DDoS attacks challenge telecommunications

Of the Southern African countries monitored, Zimbabwe experienced fewer attacks than others with 189 DDoS attacks over the same period. The largest attack reached 11.77 Gbps in bandwidth and top attack vectors included DNS amplification, ICMP and TCP SYN. The wireless telecommunications sector was the most impacted with 15 attacks averaging 732 minutes in duration. A multi-vector attack using up to eight vectors was observed, showcasing the evolving threat landscape, while the longest attack peaked at 14 Gbps on 12 May.

 

Looking ahead: A call for regional cyber resilience

Findings from Netscout’s report serve as a stark reminder that southern Africa is becoming a more prominent target for cyberattacks. The report calls for immediate action to enhance DDoS protection strategies – particularly considering the increasing complexity and scale of attacks.

“Southern Africa must bolster its cyber resilience,” says Hamman. “As cyberattacks become more sophisticated, it is crucial for organisations of all types to build a more robust cybersecurity framework. Netscout’s data provides invaluable insights that can help the region stay ahead of these evolving threats.”