Nigeria and Mali have emerged as the top two targets for distributed denial of service (DDoS) attacks in West Africa, according to a new Threat Intelligence Report released by global cybersecurity firm NETSCOUT. The report, covering July to December 2024, highlights both the shifting intensity and increasing sophistication of cyberattacks across the region.
While Nigeria continued to experience the highest volume of attacks, it recorded a decline from 2,721 incidents in the first half of 2024 to 1,716 in the latter half. Mali, on the other hand, saw a dramatic surge, with attacks skyrocketing from just 115 to 1,637 over the same period — marking a more than tenfold increase.
In Mali, web search portals and information services bore the brunt of these attacks, enduring an average duration of nearly 20 hours (1,197 minutes) per incident. Wired telecommunications carriers were the second-most targeted sector — mirroring global trends — as over 2.1 million attacks were recorded against this industry worldwide during the six-month window.
“Nigeria’s attack profile remains highly diverse,” said Bryan Hamman, NETSCOUT’s regional director for Africa. “We observed that cybercriminals targeted not just large tech firms but also a surprising mix of industries — from beauty salons and commercial banks to tyre dealers and used merchandise retailers. This underscores how attackers are increasingly adapting to the unique economic compositions of different countries.”
The report revealed that Nigeria faced some of the most complex DDoS campaigns in the region, with up to 22 different attack vectors used in a single incident. Common techniques included TCP-based attacks, DNS amplification, and ICMP flood attacks — also known as Ping floods.
Other regional highlights
Liberia ranked third with 1,189 attacks — a slight dip from the 1,515 recorded earlier in the year. The country’s computer systems design services sector was especially hard-hit, suffering 360 attacks. DNS and STUN amplification were the primary attack methods.
Ghana, which experienced a significant 4,753 attacks in the first half of 2024, saw DDoS activity plummet to 917 in the second half. Despite the decline, the ICT sector remained a prime target, followed by an unusual uptick in attacks against footwear manufacturers.
The Democratic Republic of the Congo (DRC) made its first appearance in NETSCOUT’s rankings, recording 879 attacks. Although the peak bandwidth of its largest attack was modest at 0.74 Gbps, the technical complexity was notable, with up to 15 vectors used in one incident. A satellite telecommunications firm in the DRC endured an attack lasting nearly 11.5 hours.
Cameroon reported 811 attacks, with the most powerful reaching 200.43 Gbps — the highest in the region and significantly surpassing Nigeria’s peak of 148.77 Gbps. Côte d’Ivoire, Guinea, and the Republic of the Congo followed, with 495, 341, and 329 incidents respectively.
Across these countries, telecommunications providers — both wired and wireless — continued to be the primary targets, reinforcing a pan-African trend of sustained pressure on ICT infrastructure.
A call for vigilance
Hamman emphasized the growing threat landscape facing African economies. “What we’re seeing is not just more attacks, but smarter and more damaging ones,” he noted. “As cybercriminals evolve, so must our defences. Organisations must invest in stronger protections, conduct frequent risk assessments, and collaborate on regional cybersecurity initiatives to stay ahead of the curve.”
NETSCOUT, known for its work in enterprise performance management, carrier service assurance, and DDoS mitigation, publishes regular threat intelligence to help organisations and governments worldwide navigate the evolving digital risk environment.
