Kenya, Morocco and South Africa top victims of DDoS attacks in 2025

The latest global threat intelligence report places South Africa in the top position as far as digital attacks are concerned, with Morocco and Kenya coming second and third respectively.

NETSCOUT SYSTEMS, INC. has released its latest global threat intelligence report, revealing that South Africa, Morocco and Kenya were the three most targeted African countries for Distributed Denial of Service attacks in the first half of 2025.

South African sectors take DDoS strain

South Africa ranked as the continent’s primary hotspot, recording 213,523 Distributed Denial of Service (DDoS) attacks during the six-month period.

Several of its industries featured prominently among the most attacked at a global level.

These sectors included:

· Insurance agencies and brokerages – first worldwide, with 6,680 attacks;

· Other computer-related services – first worldwide, with 18,243 attacks (Kenya followed in second place with 8,730);

· Portfolio management and investment advice – first worldwide, with 1,571 attacks (Kenya again came in second with 720);

· Commercial banking – second worldwide, with 4,653 attacks;

· Electronics and appliance retailers – third worldwide, with 255 attacks;

· Electronics computer manufacturing – third worldwide, with 525 attacks; and

· Wireless telecommunications carriers (except satellite) – South Africa ranked fourth globally with 126,551 attacks, while Morocco placed tenth with 64,517.

The report also showed that Seychelles ranked sixth globally for attacks on software publishers (183), while Nigeria recorded 108 incidents aimed at beauty salons and was the only country in the world for which the report noted this sector.

South Africa remained the most attacked African nation, Morocco ranked second with 75,624 DDoS incidents, and Kenya third with 46,786 attacks during the first half of 2025.

Together, these three countries accounted for the vast majority of malicious activity across the continent.

Complex multivector events in South Africa, Kenya, Libya and Nigeria

NETSCOUT’s research showed that South Africa, Kenya, Libya and Nigeria all recorded 23 attack vectors in a single attack, followed closely by Morocco with 20. 

Attack vectors refer to the different methods cybercriminals use to overwhelm their targets.

The most commonly seen examples in Africa for the first six months of 2025 ranged from DS (destination port floods) to Dn (DNS query floods) and Ta (TCP ACK floods).

The increasing variety of vectors shows that attackers are using multi-layered techniques to bypass defences and cause maximum disruption.

Tunisia sees longest, largest attack

In terms of duration, Tunisia experienced the longest single DDoS attack in Africa, clocking in at 418.68 minutes (nearly seven hours).

Other countries close behind included Côte d’Ivoire (415.34 minutes), Burkina Faso (356.49 minutes), Mali (336.63 minutes), and Libya (242.6 minutes).

Such prolonged attacks emphasise the persistence of adversaries in attempting to cripple connectivity and online services.

The report also revealed the largest DDoS attack statistics observed in selected African nations, as follows:

· Tunisia – maximum bandwidth of 756.61 Gbps and throughput of 49.51 Mpps, recorded across 6,346 attacks;

· Algeria – maximum bandwidth of 432.02 Gbps, throughput of 41.05 Mpps, noted across 186 attacks; and

· South Africa – maximum bandwidth of 312.46 Gbps and throughput of 27.46 Mpps, detailed across 213,523 attacks.

Commenting on the findings, Bryan Hamman, regional director for Africa at NETSCOUT, said: “NETSCOUT’s latest threat intelligence underlines how Africa is firmly in the sights of global cybercriminals. South Africa continues to experience extremely high volumes of DDoS activity, with its critical industries increasingly under threat. 

“At the same time, Morocco, Kenya and other nations are facing rising attack sophistication, as shown by the high number of vectors.

“The prolonged strikes in Tunisia, Côte d’Ivoire, Burkina Faso, Mali and Libya, alongside record-breaking bandwidths and throughputs, further demonstrate the determination of attackers to disrupt essential services,” he added.

“As connectivity expands and the digital economy matures across Africa, organisations must recognise the essential need for intelligence-driven, proven DDoS defences that can truly safeguard their operations, customers, and reputations.”

NETSCOUT maps the DDoS landscape through passive, active, and reactive vantage points, providing unparalleled visibility into global attack trends.

NETSCOUT protects two-thirds of the routed Internet Protocol version 4 (IPv4) space, securing network edges that carried global peak traffic of over 800 terabits per second (Tbps) in the first half of 2025.

It monitors tens of thousands of daily DDoS attacks by tracking multiple botnets and DDoS-for-hire services that leverage millions of abused or compromised devices.