As digital services expand across East Africa, the region is facing escalating cyber risks, necessitating advanced security measures to counter these pervasive threats.
Certain East African countries have been under far greater distributed denial of service (DDoS) pressure than many in the West African region, seeing attack volumes closer to those experienced within the South and North of the continent.
So says Bryan Hamman, regional director for Africa at NETSCOUT, who was commenting on the results of the recently released NETSCOUT 1H2024 DDoS Threat Intelligence Report (TIR). He also clarified that Kenya and Mauritius experienced the highest volumes of DDoS attacks among East African nations, with attackers increasingly leveraging sophisticated multi-vector tactics.
Unpacking the East African DDoS landscape
According to the NETSCOUT report, certain trends unfold, country by country. “It is interesting to unpack the data per individual sovereign region and see where differences and similarities occur,” notes Hamman. “For example, it is almost expected that Kenya would have seen the highest number of attacks in the region overall, while the strong focus on targeting the telecommunications industry should sound a warning note for this sector across the region.”
Kenya
The first half of the year saw Kenya experiencing 57,319 attacks, with 21 vectors in a single incident, including Domain Name System (DNS) Amplification, Transmission Control Protocol (TCP) Acknowledgement (ACK), Synchronise (SYN) and Reset (RST) flood attacks.
Wired and wireless telecommunications carriers were the most heavily targeted local sectors, subjected to 19,542 and 18,739 incidents respectively within the first half of 2024, followed by computer-related services at 10,778. Other sectors struck within the same timeframe ranged from finance-related organisations – including portfolio management and investment advice businesses, as well as chartered accountants and commercial banks – to clothing and accessory retailers.
Hamman comments: “Attackers frequently leverage volumetric and application-layer DDoS methods to disrupt operations and create costly downtime. Kenya’s expanding digital infrastructure has become both an asset and a target for threat actors seeking to exploit its burgeoning connectivity.”
Mauritius
Meanwhile, Mauritius recorded 30,446 DDoS attacks within the same period, many of which also used complex, layered attack methods to overwhelm its connectivity infrastructure. Known for its strong regional connectivity, Mauritius too has seen DDoS incidents that primarily aimed to disrupt telecommunications. The wireless telecommunications sector (except satellite communications) in particular bore the brunt of these incidents, with more than 30,000 attacks.
The threat landscape includes both small-scale but persistent attacks and larger, multi-vector campaigns. The maximum number of vectors seen in one attack was 20, very much mirroring those seen in Kenya, in that many of these were DNS and TCP attacks. However, the predominant attack vector locally was the Internet Control Message Protocol (ICMP) flood, also known as a Ping flood attack.
Uganda
While experiencing significantly lower figures than Kenya and Mauritius, Uganda’s DDoS threat landscape has still grown increasingly complex, demanding vigilant, ongoing monitoring to track adversaries’ evolving tactics. NETSCOUT’s Threat Intelligence Report recorded 1,564 attacks for the first half of the year, with attackers employing up to 14 vectors in a single multi-vector attack, illustrating the aggressive, multi-layered approach used against Ugandan infrastructure.
Top attack vectors included CLDAP (Connectionless Lightweight Directory Access Protocol) Amplification, DNS Amplification and ICMP floods, targeting primarily wireless telecommunications carriers, which accounted for 978 attacks, with a peak bandwidth of 139.57 Gbps and throughput reaching 13.2 Mpps.
Tanzania
DDoS attacks in Tanzania are increasingly targeting telecommunications and other essential sectors, such as transit and ground passenger transportation, with 352 attacks recorded in the recent period. Wireless telecommunications carriers endured most of these disruptions, withstanding 99 attacks, with peak bandwidth at 6.4 Gbps. Soft drink manufacturers, computer systems design services and software publishers were also affected, falling within the six top targeted sectors within Tanzania.
Attackers made use of up to 13 vectors in a single multi-vector attack, with tactics including DNS Amplification, TCP SYN/ACK floods, and STUN (Session Traversal Utilities for Network Address Translator) Amplification.
Rwanda
The country’s focus on becoming a regional technology hub has brought new opportunities, but also heightened risks. Rwanda’s DDoS threat landscape, though smaller in scale compared to some neighbouring countries, reflects a targeted approach once again primarily focused on telecommunications. One hundred and twenty attacks were recorded over the first half of 2024, with adversaries employing up to three vectors in a single attack.
As seen elsewhere, wireless telecommunications carriers specifically experienced the most disruptions, with the longest attacks lasting up to 23 minutes.
Ethiopia
Similarly, Ethiopia’s wireless telecommunications faced the majority of disruptions within the country, numbering 107 in total for the six-month period, with some attacks lasting as long as 29 minutes and with up to four attack vectors in a single assault. The most prevalent attack method was DNS Amplification, accounting for 37 attacks, while the largest attack reached a bandwidth of 12.18 Gbps and a throughput of 1.18 Mpps.
A Call for Resilient Defences
“It’s clear from the Threat Intelligence Report figures that DDoS attacks are evolving in both frequency and complexity across East Africa, driven by an increased reliance on digital services and connectivity,” notes Hamman. “And as organisations across the region enhance their digital infrastructure, they become prime targets for threat actors looking to exploit weaknesses.
“It has thus become essential for businesses and governments alike to implement robust DDoS mitigation strategies to protect their digital assets and ensure continuity.”