(Nairobi) – Digital services across East Africa are facing a rise in distributed denial of service (DDoS) attacks, with Kenya and Mauritius seeing the most significant volumes of such threats in the region, according to a recent report. The NETSCOUT 1H2024 DDoS Threat Intelligence Report highlights these two nations as the top targets, underlining the growing need for advanced cybersecurity measures.
The first half of 2024 saw Kenya suffer 57,319 DDoS attacks, a considerable number compared to other nations in the region. The attacks included multiple sophisticated vectors, such as Domain Name System (DNS) Amplification, TCP Acknowledgement (ACK) floods, and SYN and Reset (RST) flood attacks. These disruptions particularly targeted the telecommunications sector, with both wired and wireless carriers facing substantial threats. In total, telecommunications companies were hit with nearly 39,000 attacks in the first six months of 2024. Kenya’s expanding digital infrastructure is both a valuable asset and a vulnerable point for attackers looking to disrupt services and create costly downtime.
Mauritius, too, experienced a high volume of DDoS incidents, recording 30,446 attacks in the same period. Much like Kenya, attackers employed sophisticated, multi-layered methods to compromise the nation’s connectivity infrastructure. Telecommunications companies bore the brunt of these attacks, with more than 30,000 incidents focused on the wireless sector. The most common form of attack was the Internet Control Message Protocol (ICMP) flood, also known as a Ping flood, which overwhelmed the systems by sending large amounts of traffic.
While the number of DDoS incidents in Uganda was lower, it still saw an increase in complexity. The NETSCOUT report recorded 1,564 attacks, with some incidents using as many as 14 vectors in a single attack. The targeted sectors primarily included wireless telecommunications carriers, and attack vectors ranged from CLDAP and DNS Amplification to ICMP, contributing to a more aggressive and sophisticated threat landscape.
In Tanzania, the number of DDoS attacks remained relatively small but was still a growing concern. A total of 352 attacks were recorded, many aimed at the telecommunications sector, which accounted for nearly a third of the incidents. Other sectors, including soft drink manufacturers and computer services, were also affected. As the country continues to develop its regional technology infrastructure, these digital assets are becoming more susceptible to cyber threats.
Rwanda, with a smaller DDoS footprint compared to its neighbors, still recorded 120 incidents, with wireless telecommunications suffering the most disruption. Ethiopia also faced a modest but concerning number of attacks, recording 107 incidents with a predominance of DNS Amplification techniques.
The rising number of DDoS attacks across East Africa reflects a broader global trend where digital infrastructure is increasingly targeted. As businesses and governments in the region expand their digital services, the threat of DDoS attacks grows, making it essential to invest in effective mitigation strategies.
These findings underscore the need for comprehensive cybersecurity measures to protect the region’s growing digital infrastructure.