As digital services continue to expand across East Africa, the region is finding itself increasingly vulnerable to cyber risks, prompting the need for more advanced security measures to combat these growing threats. Bryan Hamman, the regional director for Africa at NETSCOUT, highlighted the disturbing trend of escalating distributed denial of service (DDoS) attacks in certain East African countries, surpassing even the attack volumes experienced in South and North Africa.
According to the recently released NETSCOUT 1H2024 DDoS Threat Intelligence Report (TIR), Kenya and Mauritius faced the highest volumes of DDoS attacks among East African nations. These attacks were becoming more sophisticated, with attackers using multi-vector tactics to disrupt digital infrastructure and services.
In Kenya, the first half of the year saw a staggering 57,319 DDoS attacks, with telecommunications carriers bearing the brunt of the attacks. These attacks utilized various vectors, including Domain Name System (DNS) Amplification, Transmission Control Protocol (TCP) Acknowledgement (ACK), Synchronise (SYN), and Reset (RST) floods. The telecommunications sector, both wired and wireless, was the primary target, followed by computer-related services and finance-related organizations.
Mauritius, known for its strong regional connectivity, recorded 30,446 DDoS attacks within the same period, primarily aimed at disrupting its telecommunications infrastructure. The wireless telecommunications sector was heavily impacted, with the attacks employing complex, layered methods to overwhelm the connectivity networks.
Uganda, although experiencing lower figures than Kenya and Mauritius, saw its DDoS threat landscape becoming more complex. With 1,564 attacks recorded in the first half of the year, Uganda faced attackers using up to 14 vectors in multi-vector attacks, targeting wireless telecommunications carriers predominantly.
In Tanzania, DDoS attacks focused on telecommunications and essential sectors like transit and ground passenger transportation. With 352 attacks recorded, wireless telecommunications carriers bore the brunt of the disruptions, along with other sectors such as soft drink manufacturers and computer systems design services.
Rwanda’s aspiration to become a regional technology hub brought new opportunities but also increased risks. The country recorded 120 DDoS attacks in the first half of 2024, primarily targeting telecommunications. Similarly, Ethiopia’s wireless telecommunications sector faced disruptions, with 107 attacks recorded over the six-month period, highlighting the need for resilient defenses against evolving cyber threats.
Hamman emphasized the importance of robust DDoS mitigation strategies for businesses and governments in East Africa to protect their digital assets and ensure operational continuity. As the region’s reliance on digital services grows, so does the threat landscape, necessitating proactive measures to safeguard against cyber attacks.