South Africa has become one of the most targeted countries globally for distributed denial-of-service (DDoS) attacks against certain key industries, including financial and computer services.
New data from NetScout’s Threat Intelligence Report for the second half of 2025 reveals that, while the country continues to face the highest overall attack volumes on the African continent, it is also increasingly being targeted in sectors critical to economic stability and digital transformation.
NetScout’s industry analysis shows that South Africa ranks among the top countries worldwide for DDoS attacks across several sectors. Notably, the country is listed as:
- Number one globally for attacks on insurance agencies and brokerages;
- Number one globally for commercial banking targeting;
- Number one globally for strikes against portfolio management and investment advisory services;
- Number one globally for computer systems design services onslaughts;
- Number one globally for attacks on other computer-related services;
- Number four globally for assaults on electronic computer manufacturing; and
- Number 10 globally for bombardments against all other telecommunications.
These rankings underscore the country’s prominence in global cyberthreat activity targeting financial systems and digital infrastructure.
Between July and December 2025, South Africa recorded 171 812 DDoS attacks, highlighting the scale of the local threat landscape. The average attack duration exceeded 74 minutes, increasing the risk of prolonged service disruption.
The wireless telecommunications sector remains the most targeted industry locally, with more than 109 000 attacks recorded. As the backbone of digital connectivity, telecom providers are frequent targets for attackers aiming to create widespread downstream disruption.
However, the concentration of attacks on banking, insurance and investment services points to a clear focus on high value, high dependency sectors.
At the same time, the targeting of computer-related services, including IT providers and digital platforms, reflects a broader attempt to disrupt the ecosystems that enable business operations and online services.
Bryan Hamman, regional director for Africa at NetScout, comments: “According to the latest Threat Intelligence Report, the South African threat landscape is also becoming more sophisticated. Attackers are increasingly deploying multivector DDoS attacks, combining multiple techniques within a single incident to overwhelm defences.
“Common methods include TCP ACK floods, TCP RST floods, DNS amplification and SYN floods. The maximum number of vectors seen in a single attack was 26, the highest seen in Africa. This certainly marks a sustained shift toward more adaptive and harder to mitigate attack strategies.
“South Africa’s advanced financial sector, together with its expanding digital economy and role as a regional connectivity hub, makes it an attractive target for both opportunistic and coordinated cyberattacks,” he adds.
“At the same time, as noted in our 2H 2025 report, the global rise of AI-driven DDoS operations and dark web LLMs (large language models), persistent hacktivist and botnet activity and more accessible DDoS-for-hire services are lowering the barriers to entry, enabling a wider range of threat actors to launch high impact attacks at scale.
“These findings highlight the urgent need for organisations to strengthen their cyber resilience strategies,” continues Hamman. “As attacks grow in scale, frequency and complexity, local businesses must adopt real-time, intelligence-led approaches to detection and mitigation.”