The newly released NETSCOUT Threat Intelligence Report for July to December 2024 reveals a complex and contrasting distributed denial of service (DDoS) attack landscape across southern Africa. According to the report, South Africa, Mauritius and Angola were among the most heavily targeted nations over the second half of last year, while countries like Zambia, Eswatini and Zimbabwe experienced lower attack volumes but faced evolving and increasingly complex threats.
Highest number of attacks and vectors reported in South Africa
South Africa once again recorded the highest number of DDoS attacks in the region by a considerable margin with 130,931 events, although this has dropped significantly compared to the more than 230,000 incidents seen over the first half of 2024.
The largest attack peaked at 210.65 Gbps and 20.38 Mpps, with a maximum of 23 attack vectors used in a single incident — the highest in southern Africa – led by TCP ACK, DNS Amplification and TCP SYN/ACK amplification.
Top targeted industries included computer-related services businesses, insurance agencies and brokerages as well as computing infrastructure providers, reflecting South Africa’s digital maturity and central role in Africa’s online ecosystem. Interestingly, both wired and wireless telecommunications providers, portfolio management companies and commercial banking organisations also rated amongst the 10 most attacked sectors in South Africa.
Mauritius under siege, as DDoS attacks jump by 37 percent
Mauritius continues to be a key local hotspot, registering over 41,800 attacks, a marked increase over the 30,446 incidents in the first half of last year. The wireless telecommunications carriers sector alone accounted for nearly 40,000 incidents, making it one of the most targeted verticals across the region, followed to a lesser degree by wired telecommunications and full-service restaurants.
Peak throughput reached 35 Mpps and peak bandwidth reached 224 Gbps, confirming the nation’s growing vulnerability due to its increasing digital infrastructure.
Namibia sees fewer attacks but remains regional hotspot
Despite a relatively small population size when compared to other southern African countries, Namibia reported 45,283 attacks, placing it among the top five in the region. However, this was a noteworthy decrease after the 76,337 experienced in the former half of 2024.
The most used vector was DNS amplification (34,508 incidents), followed by TCP ACK and TCP SYN/ACK amplification. The largest recorded attack reached 30.11 Gbps and 2.88 Mpps. Notably, restaurants were flagged as the number one targeted sector, followed by computer services businesses and wireless telecommunications organisations.
More attacks, greater complexity: Angola’s growing DDoS challenge
With an increased 19,046 DDoS attacks over the 14,281 incidents in the first half of 2024, Angola faced up to 18 distinct vectors in a single event. The DNS amplification vector was dominant (4,753 attacks), with significant use of TCP ACK and TCP SYN as well.
Wired telecommunications and computing infrastructure providers were the primary victims, with the largest attack hitting 85.94 Gbps and an average duration of 76.13 minutes.
Botswanan telecommunications in the crosshairs
Botswana recorded 981 attacks, which almost exclusively affected wireless telecommunications organisations, with a maximum bandwidth of 2.49 Gbps and average duration of 29 minutes. The dominant vector was TCP SYN/ACK amplification.
Eswatini suffers specific targeting
Eswatini saw 619 incidents over the last six months of 2024; up from 209 for the first half of the year and representing an increase of effectively 200 percent. A number of these attacks were specifically directed toward the real estate sector, suggesting focused rather than opportunistic activity. The average attack duration was shorter than for other southern African countries, at 7.3 minutes, with bandwidth below 1 Gbps.
High intensity strikes in Zimbabwe
Zimbabwe experienced 476 DDoS attacks over the period, with the largest recorded attack reaching a bandwidth of 1.07 Gbps and a throughput of 2.51 Mpps.
Where the country had previously recorded only 189 attacks over the first six months of 2024, telecommunications bore the brunt of high-impact attacks over the second part of the year, experiencing the maximum bandwidth and throughput. This was followed by supermarkets and grocery retailers, as well as one attack on a local sporting goods retail business, which was the longest specific DDoS duration in the country at 37 minutes.
Tech and telecoms under fire in Mozambique
Mozambican organisations were subjected to a total of 425 DDoS attacks, most commonly of the TCP ACK and TCP SYN/ACK amplification variety, a serious reduction in attack frequency after the 3,145 incidents over the first half of the year.
With a peak attack rate of 1.83 Gbps, computer-related services and satellite telecommunications were the two main verticals under attack noted in the 2h 2024 report.
DDoS attacks drop in Zambia
Zambia experienced the lowest number of DDoS events in the region, at 153, down from 428 from January to June 2024, with the largest attack measured at 9.63 Gbps and 0.95 Mpps.
While relatively low in volume, the attacks were technically diverse, with up to eight vectors used in a single incident. Top vectors included TCP SYN/ACK, TCP ACK and DNS amplification, and almost all attacks were directed at the computer services field.
Shared vectors and regional trends
“The NETSCOUT data revealed in the second Threat Intelligence Report for 2024 underlines a rapidly evolving DDoS threat landscape across southern Africa, with countries like South Africa, Mauritius and Angola facing high volumes of increasingly sophisticated attacks,” explains Bryan Hamman, regional director for Africa at NETSCOUT.
“Across the board, TCP ACK, DNS amplification, TCP SYN/ACK amplification and ICMP remain the most used attack vectors within the region, and the practice of multivector attacks in many of the countries shows a shift toward more sophisticated, layered methods designed to bypass standard mitigation measures.
“And even while other countries, such as Zambia and Mozambique, reported fewer incidents, the technical diversity and targeted nature of the attacks reveal a concerning trend toward more calculated and industry-specific campaigns.
“As digital ecosystems across southern Africa expand, so too does the attack surface,” adds Hamman. “Organisations must remain vigilant, investing in proactive threat intelligence and robust, multi-layered cybersecurity strategies to stay ahead of threat actors targeting the region.”
NETSCOUT is a leading provider of enterprise performance management, carrier service assurance, cybersecurity and DDoS protection solutions. For more information, please visit https://www.netscout.com/
