NETSCOUT report reveals major DDoS threats across East Africa

By: Expression Africa

NETSCOUT SYSTEMS has released its latest Threat Intelligence Report for the second half of 2024, highlighting the evolving cyber threat landscape across East Africa.

A number of sectors across countries within the region, including Kenya, Uganda, Tanzania, Seychelles, Djibouti, Ethiopia and Rwanda, have experienced ongoing distributed denial of service (DDoS) attacks, in line with the 3,782,832 strikes seen over the past six months within Europe, Middle East and Africa (EMEA).

“NETSCOUT’s 14th issue of its Threat Intelligence Report found that global DDoS attacks increased by 12.75 percent compared to the previous six-month period to 8,911,312,” said regional director for Africa at NETSCOUT, Bryan Hamman.

“When honing in specifically on East Africa, the continued DDoS attacks across the region between June and December of 2024 are a clear signal that no sector or country is off-limits to threat actors.”

“Across East Africa, we’re seeing a broader variety of attack vectors, higher levels of complexity and increasing targeting of critical industries – from telecoms to financial services and even retail.”

Kenya sees high-volume, complex attacks

Recording the highest number of attacks within East Africa, Kenya was exposed to a total of 34,687 DDoS incidents during this period, albeit down from the 57,319 it faced during the first half of 2024. 

Key industries targeted included computer-related services, wireless and wired telecommunications, portfolio management and investment advice organisations, clothing and accessories retailers, certified public accountants and commercial banking institutions.


The most complex single attack involved 21 unique vectors, with the largest incident reaching 144.75 Gbps and 13.69 Mpps.

The top three attack types included TCP ACK (23,134 attacks), TCP SYN/ACK Amplification (13,046) and TCP RST (9,793). 

Ugandan DDoS attacks surge

Uganda reported a total of 6,145 DDoS attacks, up significantly from 1,564 during the first half of the year, with the largest peaking at 79.52 Gbps and 10.92 Mpps.

Of these, the wireless telecommunications sector was the most targeted, accounting for 4,422 incidents, followed by computing infrastructure providers at 555.

The most prevalent attack vectors included TCP SYN/ACK Amplification (2,825 attacks), DNS Amplification (731) and ICMP (667).

Longest East African incident experienced in Djibouti

Djibouti suffered 2,860 DDoS attacks in 2H 2024. While the largest attack reached 8.5 Gbps and 1.12 Mpps, the standout metric was the extended average duration of attacks, lasting around 271 minutes.

This was by far the longest attack recorded within the region.

The most common attack vectors were DNS Amplification (810), TCP RST (488) and TCP SYN/ACK Amplification (369).

Tanzania, Seychelles, Ethiopia and Rwanda: Diverse attack vectors targeting multiple sectors

“While the volume of DDoS attacks observed across countries such as Tanzania, Seychelles, Rwanda and Ethiopia may have been lower than in other parts of East Africa for the latter part of 2024, they are by no means insignificant,” adds Hamman.

“Tanzania, for example, saw a notable increase in incidents compared to the first half of the year, as did Rwanda, while Ethiopia continues to face consistent targeting of its wireless telecom providers.”

“Attack vectors across these countries also show evolving levels of sophistication, from multi-vector assaults in Tanzania to high-impact attacks in the Seychelles.”

“These figures reinforce the need for heightened vigilance and robust cybersecurity postures across all sectors, regardless of the size or frequency of attacks.”

· In Tanzania, 531 DDoS attacks were recorded, up from 352 in the first half of 2024. Industries such as hospitality (hotels and motels) and new car dealerships were among the top targets.

The largest attack reached 1.25 Gbps and 2.3 Mpps, with the most complex involving up to 12 different attack vectors. DNS Amplification was the most common method, followed by DNS and VSE Amplification.

· Seychelles, one of the world’s smallest countries, experienced 386 DDoS attacks, with the largest peaking at 53.58 Gbps and 7.52 Mpps.

Computing infrastructure, data processing and web hosting services were the primary victims, accounting for 118 attacks, but wired and wireless telecommunications providers, software publishers and web search portals were also amongst the top five most targeted.

Here, DNS Amplification (101 attacks), TCP SYN (42) and TCP ACK (35) were the most frequent vectors. 

· Rwanda reported 248 DDoS attacks, more than double the first half of the year, with the largest peaking at 0.28 Gbps and 0.4 Mpps.

Attacks lasted an average of 65 minutes, with targeting across service sectors, including computing services businesses.

The most frequently used attack types were TCP RST (73), MS SQL RS Amplification (69) and DNS Amplification (48).

· Ethiopia once again experienced 107 DDoS attacks, with the most significant attack peaking at 12.18 Gbps and 1.18 Mpps.

As with the 107 incidents from the first half of 2024, the attacks were primarily aimed at wireless telecommunications providers.

The leading attack vectors were DNS Amplification and UDP-based floods.

“What’s particularly concerning is the sharp rise in sustained, high-bandwidth attacks and the growing number of incidents in previously quieter markets,” continues Hamman.

“The findings from NETSCOUT’s latest Threat Intelligence Report make it clear: cybercriminals are not only growing bolder but are also evolving their methods, targeting a wide array of industries and regions across East Africa.” 

“As attack volumes fluctuate and complexity increases, no sector can afford to be complacent. In this environment, proactive defense strategies, underpinned by real-time visibility and intelligent threat mitigation, are essential to safeguarding critical infrastructure.”

“NETSCOUT remains committed to equipping organisations with the tools and insights they need to stay resilient in the face of this ever-changing threat landscape,” he concluded.

NETSCOUT is a provider of enterprise performance management, carrier service assurance, cybersecurity and DDoS protection solutions.
