The latest NETSCOUT Threat Intelligence Report for July to December 2024 reveals a rapidly evolving and diverse DDoS (Distributed Denial of Service) attack landscape across southern Africa
The findings indicate that while some countries faced a surge in attacks, others, though experiencing fewer incidents, encountered more sophisticated and targeted threats. South Africa, Mauritius, and Angola were among the most targeted nations, while countries like Zambia, Eswatini, and Zimbabwe saw lower volumes but faced increasingly complex attacks.
South Africa leads in attack numbers
South Africa remained the most targeted nation in the region, recording a staggering 130,931 DDoS incidents, although this number was significantly lower than the 230,000+ attacks observed in the first half of 2024. The largest recorded attack peaked at 210.65 Gbps and 20.38 Mpps, utilising 23 distinct attack vectors in one event—the highest of any country in southern Africa. These attacks predominantly targeted sectors such as computer-related services, insurance agencies, brokerages, and computing infrastructure providers, reflecting the country’s prominent role in Africa’s digital economy.
Mauritius experiences significant increase
Mauritius faced a 37% increase in DDoS attacks, registering over 41,800 incidents in the second half of the year compared to 30,446 in the first. The wireless telecommunications sector was the primary target, accounting for nearly 40,000 incidents. Peak attack throughput reached 35 Mpps, with bandwidth surging to 224 Gbps, underscoring the vulnerability of Mauritius’s growing digital infrastructure.
Namibia and Angola: smaller but still vulnerable
Namibia, despite its smaller population, reported 45,283 attacks, positioning it among the top five countries in the region. However, this was a decline from the 76,337 incidents recorded in the first half of 2024. The most common attack vector was DNS amplification, followed by TCP ACK and SYN/ACK amplification. The largest attack recorded in Namibia peaked at 30.11 Gbps and 2.88 Mpps.
Angola also saw an uptick in DDoS incidents, increasing from 14,281 in the first half of the year to 19,046. The nation experienced up to 18 attack vectors in a single event, with DNS amplification being the most prevalent. Wired telecommunications and computing infrastructure providers were the primary victims, with the largest attack peaking at 85.94 Gbps.
Targeted attacks in Eswatini and Zimbabwe
Eswatini recorded a 200% increase in DDoS incidents, rising from 209 attacks in the first half of 2024 to 619 in the latter half. These attacks were mostly focused on the real estate sector, indicating a targeted approach. The average attack duration was 7.3 minutes, with bandwidth below 1 Gbps.
Zimbabwe, on the other hand, recorded 476 DDoS attacks, with telecommunications being the most targeted sector. The largest attack reached 1.07 Gbps and 2.51 Mpps. Unlike other nations, Zimbabwe saw an attack on a retail business, lasting a significant 37 minutes.
Other Countries: Mozambique, Zambia, and Botswana
Mozambique saw a sharp decline in DDoS incidents, with only 425 attacks, a significant drop from 3,145 in the first half of the year. The attacks targeted the computer-related services and satellite telecommunications sectors. In Zambia, DDoS events were fewer, with only 153 incidents, though these attacks involved diverse vectors, highlighting a more sophisticated approach. Botswana, while reporting only 981 attacks, saw most of them directed at wireless telecommunications.
Rising complexity and shared attack vectors
NETSCOUT’s Bryan Hamman, regional director for Africa, emphasises the increasing complexity of DDoS attacks. “The second half of 2024 has shown a marked shift towards multivector attacks, with countries like South Africa, Mauritius, and Angola facing increasingly sophisticated threats.” He adds that these attacks often involve TCP ACK, DNS amplification, and TCP SYN/ACK amplification, which are the most common vectors in the region.
As the digital infrastructure across southern Africa grows, so does the attack surface. Hamman warns that organizations must invest in robust cybersecurity strategies and proactive threat intelligence to stay ahead of evolving threats. “The rise in technical diversity and targeted industry-specific campaigns in countries like Zambia and Mozambique signals a worrying trend,” he says. “Companies must be prepared for more calculated attacks targeting specific sectors.”