NETSCOUT SYSTEMS, INC. has released its latest global threat intelligence report, revealing that Africa remains a growing target for Distributed Denial of Service (DDoS) attacks.
In the first half of 2025, South Africa, Morocco, and Kenya emerged as the continent’s most attacked nations, together accounting for the bulk of malicious activity.
South Africa under Fire
South Africa recorded 213,523 DDoS incidents in the six-month period, making it Africa’s primary hotspot. Several of its industries also ranked among the most targeted globally, including:
- Insurance agencies and brokerages – first worldwide with 6,680 attacks
- Other computer-related services – first worldwide with 18,243 attacks (Kenya placed second with 8,730)
- Portfolio management and investment advice – first worldwide with 1,571 attacks (Kenya second with 720)
- Commercial banking – second worldwide with 4,653 attacks
- Electronics and appliance retail – third worldwide with 255 attacks
- Electronics computer manufacturing – third worldwide with 525 attacks
- Wireless telecommunications carriers (excluding satellite) – fourth worldwide with 126,551 attacks (Morocco ranked tenth with 64,517)
The report also highlighted unusual activity across Africa. Seychelles ranked sixth globally for attacks on software publishers (183 incidents), while Nigeria was the only country worldwide to record attacks on beauty salons, with 108 incidents.
Morocco and Kenya Follow
Morocco ranked second on the continent with 75,624 attacks, while Kenya recorded 46,786 incidents during the same period.
Notably, South Africa, Kenya, Libya, and Nigeria each saw complex events with up to 23 attack vectors in a single strike, reflecting growing sophistication. Morocco followed closely with 20 vectors. Common vectors included DNS query floods, TCP ACK floods, and destination port floods.
Record-Breaking Strikes across North & West Africa
The report also tracked the longest and largest DDoS attacks across Africa:
- Tunisia – longest single attack lasting nearly 7 hours (418.68 minutes), also recorded the continent’s largest attack with 756.61 Gbps bandwidth and 49.51 Mpps throughput.
- Algeria – 432.02 Gbps maximum bandwidth and 41.05 Mpps throughput across 186 attacks.
- South Africa – 312.46 Gbps bandwidth and 27.46 Mpps throughput across 213,523 attacks.
Other nations, including Côte d’Ivoire, Burkina Faso, Mali, and Libya, also experienced prolonged attacks, further underlining the persistence of adversaries.
“NETSCOUT’s latest threat intelligence underlines how Africa is firmly in the sights of global cybercriminals,” said Bryan Hamman, Regional Director for Africa at NETSCOUT. “South Africa continues to experience extremely high volumes of DDoS activity, with its critical industries increasingly under threat. Meanwhile, Morocco, Kenya, and other nations are facing rising attack sophistication, as shown by the high number of vectors.”
He added:
“The prolonged strikes and record-breaking attack sizes demonstrate attackers’ determination to cripple essential services. As Africa’s digital economy expands, intelligence-driven, proven DDoS defences are no longer optional, they are business critical.”
