DDoS Attacks Surge as Africa Expands Its Digital Footprint

Rising Internet adoption and digital transformation initiatives are exposing organizations in Africa to a growing range of cyber threats.

One manifestation of the trend is a steady increase in distributed denial-of-service (DDoS) attacks on organizations in a handful of North African countries — which also happen to be the ones with the highest Internet penetration rates in the region.

Surge in DDoS Activity

A recent analysis of threat activity data during the first half of 2024 by Netscout showed a 30% increase in DDoS attacks in the Middle East and Africa overall compared with the previous quarter. Countries that experienced the largest growth in DDoS attacks included Algeria, Morocco, Tunisia, and Egypt.

Morocco, which has a 90% Internet penetration rate, reported 61,000 DDoS attacks during the first half of 2024, which was the highest number of DDoS attacks in the region during the period. A plurality of the attacks — 16,461 — targeted wireless telecom producers in the region; more than 6,000 were directed at wired telecom companies; and the rest affected organizations across multiple industry sectors.

Organizations in Egypt, another country in the region with a high Internet penetration rate, collectively experienced some 45,108 DDoS attacks in the first half of the year, with wired telecom carriers being the most frequently targeted entities, followed by wireless carriers and educational institutions. Netscout found some of the highest bandwidth attacks during the time period in Egypt, with the biggest one clocking in at a hefty 332.96 Gbit/s.

Related:China's 'Evasive Panda' APT Debuts High-End Cloud Hijacking

The story with Tunisia, which experienced 4,511 DDoS attacks in the first six months, was similar in terms of victimology: most victims were wired or wireless telecom providers. However, Netscout found threat actors deploying a larger number of DDoS attacks against Tunisian organizations than organizations in other countries. The largest such attack type involved a startling 27 vectors, including Apple Remote Management Service, Connection-less Lightweight Directory Access Protocol (CLDAP) , Constrained Application Protocol (COAP), and Domain Name System (DNS) amplification techniques for significantly increasing the power of an attack.

Geopolitical Tensions, "Online-Ness" Drive Cyber Activity

"These attacks can be attributed in part to businesses in countries such as Morocco, Tunisia, Egypt, Libya, and Algeria increasing their online presence over the past year," says Richard Hummel, director of threat intelligence at Netscout. "While digital transformation is generally a cause for celebration, unfortunately, it also means that more devices and services can be disrupted by attacks."

Related:'SloppyLemming' APT Abuses Cloudflare Service in Pakistan Attacks

A larger attack surface, however, is not the only reason for the increased DDoS activity in Africa and the Middle East, Hummel says. "Geopolitical tensions in these regions are also fueling a surge in hacktivist activity as real-world political disputes spill over into the digital world," he says. "Unfortunately, hacktivists often target critical infrastructure like government services, utilities, and banks to cause maximum disruption."

And DDoS attacks are by no means the only manifestation of the new threats that organizations in Africa are having to contend with as they broaden their digital footprint.

Growing Cyber-Espionage, Cybercrime Risks

The Africa Center for Strategic Studies in a recent report assessed that the increasing spread of IT, communications, and related technologies in the region is rapidly amplifying and altering threats against organizations — and raising national security challenges in the process. The center, which is a US Department of Defense institution, expects that over the next few years organizations in Africa will have to contend with a many of the same cyber threats that entities in other regions of the world have had to contend with for years.

Related:IDF Has Rebuffed 3B Cyberattacks Since Oct. 7, Colonel Claims

One of them is cyber espionage. "Cyberspace has fundamentally changed the methods and means through which states gather information on one another and their citizens," the Africa Center report noted. "Though the most significant cyberespionage concerns in Africa have centered around China, espionage and surveillance capabilities are rapidly diffusing across the continent."

Attacks on critical infrastructure and financially motived attacks by organized crime are other looming concerns. In the center's assessment, Africa's government networks and networks belonging to the military, banking, and telecom sectors are all vulnerable to disruptive cyberattacks. Exacerbating the concern is the relatively high potential for cyber incidents resulting from negligence and accidents.

Organized crime gangs — the scourge of organizations in the US, Europe, and other parts of the world, present an emerging threat to organizations in Africa, the Center has assessed.  "Growing internet penetration rates in Africa has both led to new kinds of cyber-dependent criminal activities, such as business email compromise or romance scams, as well transformed the financing and market dynamics of more traditional organized crime networks." Supply chain attacks are another major and emerging concern, especially given the high reliance on foreign suppliers among organizations in Africa.

Agnidipta Sarkar, vice president and CISO advisory at ColorToken, says organizations in Africa are going to come under growing pressure to implement defenses against new cyber threats, even as they embark on their digital transformation journey.

"The ability to continue business operations, despite cyberattacks, will encourage investments in the region," he predicts. "Effectively reporting breaches will emerge as a highly sought-after capability for CISOs, especially [for] those who can."