The latest NETSCOUT Threat Intelligence Report for the second half of 2024 paints a mixed picture of DDoS [Distributed Denial of Service] activity across southern Africa. While some countries experienced a sharp rise in attack sophistication and volume, others saw fewer incidents but with worrying trends in targeted complexity and technical diversity.
South Africa: High Volume, High Complexity
South Africa remained the most targeted country, recording 130,931 DDoS attacks though this was a major drop from over 230,000 in the first half of the year. Despite the decline, South Africa saw the most complex attacks in the region, with up to 23 different attack vectors used in a single incident. The peak attack hit 210.65 Gbps. Sectors hardest hit included computer services, telecoms, insurance, and banking highlighting the country’s role as a digital hub in Africa.
Mauritius: Fast-Rising Target
Mauritius saw a 37% surge in attacks, with over 41,800 incidents—nearly all aimed at wireless telecoms providers. With a peak attack of 224 Gbps, the island nation’s growing digital footprint appears to be drawing greater attention from cybercriminals.
Namibia: Smaller Size, Big Impact
Namibia reported 45,283 attacks, down from over 76,000 earlier in the year, yet still among the region’s top five. DNS amplification was the main vector, and surprisingly, restaurants emerged as the top targeted industry raising questions about attacker motives.
Angola: Complexity on the Rise
Angola faced 19,046 DDoS attacks, up from 14,281 in the first half of 2024. While smaller in number than South Africa, the attacks involved up to 18 vectors in a single incident. Telecoms and IT infrastructure firms bore the brunt of the assaults, with one attack hitting 85.94 Gbps.
Botswana & Eswatini: Industry-Specific Targeting
Botswana recorded 981 attacks, nearly all aimed at wireless telecoms. Eswatini, although with only 619 attacks, saw a 200% increase from the previous period. Notably, the real estate sector was specifically targeted, pointing to more deliberate threat campaigns.
Zimbabwe & Mozambique: Target Shifts
Zimbabwe experienced 476 attacks, up from 189 earlier in 2024. Telecoms, supermarkets, and even a sporting goods store were targeted, with one attack lasting 37 minutes. Mozambique saw a significant drop—from over 3,100 to just 425 attacks—but the focus shifted to computer services and satellite telecoms.
Zambia: Fewer Attacks, Smarter Threats
Zambia had the lowest number of incidents [153], yet attackers employed diverse techniques, with up to eight vectors in one attack. The IT sector was the main focus, highlighting a shift to more tactical strikes.
Key Regional Trends
Across the region, attackers increasingly used multisector strategies, relying heavily on TCP ACK, TCP SYN/ACK, and DNS amplification. NETSCOUT warns that even countries with lower volumes are seeing more targeted, calculated campaigns.
As Bryan Hamman, NETSCOUT’s regional director, noted, “As digital ecosystems across southern Africa expand, so too does the attack surface.” The message is clear: DDoS threats are evolving, and proactive, layered cybersecurity strategies are no longer optional, they’re essential.
