Nigeria and Mali lead West Africa in DDoS attacks in the second half of 2024, report reveals

Nigeria and Mali have emerged as the epicentres of distributed denial of service (DDoS) attacks in West Africa for the second half of 2024, according to NETSCOUT’s latest Threat Intelligence Report, covering July to December 2024. The report highlights a shifting cybersecurity landscape in the region, with Nigeria recording 1,716 attacks and Mali experiencing a dramatic surge to 1,637 incidents, underscoring the growing complexity and intensity of cyber threats targeting critical industries.

Nigeria, a regional economic powerhouse, saw a decline in DDoS incidents from 2,721 in the first half of 2024 to 1,716 in the latter half. Despite the drop, the country faced some of the most sophisticated attacks in the region, with one campaign utilising 22 distinct attack vectors, including TCP, Domain Name System (DNS) amplification, and Internet Control Message Protocol (ICMP) flood attacks, also known as Ping flood attacks. These multi-vector attacks aim to overwhelm network infrastructure, making them particularly challenging to mitigate.

The telecommunications sector, including resellers and wired carriers, was heavily targeted in Nigeria, alongside computing infrastructure providers. Unexpectedly, industries such as beauty salons, commercial banking, used merchandise retailers, tyre dealers, and household electronics wholesalers also appeared among the top ten targeted sectors.

“This diversity in targets shows how threat actors tailor their strategies to exploit industries that are economically significant within specific countries,” said Bryan Hamman, NETSCOUT’s regional director for Africa.

The largest attack in Nigeria during this period reached a bandwidth of 148.77 Gbps, highlighting the potential for significant disruption to critical services. The complexity and persistence of these attacks underscore the need for robust cybersecurity measures in Nigeria’s digital ecosystem.

Mali witnessed a tenfold surge in DDoS attacks

Mali experienced a staggering increase in DDoS attacks, rising from 115 incidents in the first half of 2024 to 1,637 in the second half, a more than tenfold surge. Web search portals and information services bore the brunt, with attacks averaging 1,197 minutes (nearly 20 hours) per incident, indicating prolonged disruptions. Wired telecommunications carriers, a globally targeted industry with over 2.1 million attacks worldwide, were also heavily hit in Mali.

The dramatic rise in DDoS attacks in Mali points to its growing digital infrastructure and increasing connectivity, which may have attracted cybercriminals seeking to exploit vulnerabilities. The prolonged duration of attacks suggests that organisations in Mali may face challenges in quickly mitigating these threats, necessitating enhanced cybersecurity investments.

Other countries in the region

Other West African nations also faced significant DDoS attacks. Liberia ranked third in the region with 1,189 attacks, a slight decrease from 1,515 in the first half of 2024. Computer systems design services were the primary target, enduring 360 attacks, with DNS and STUN amplification attacks being the most common vectors.

Ghana saw a sharp decline in DDoS attacks, dropping from 4,753 in the first half of 2024 to 917 in the second half. Information and communications technology (ICT) sectors, including web search portals (317 attacks), wired telecommunications carriers (43 attacks), and computing infrastructure providers (4 attacks), dominated the target list. Notably, footwear manufacturers emerged as an unexpected target, facing 14 attacks, reflecting the adaptability of cybercriminals to local economic contexts.

The Democratic Republic of the Congo (DRC) entered the regional rankings for the first time, reporting 879 attacks. While the largest attack in the DRC peaked at 0.74 Gbps, its complexity was notable, with up to 15 vectors used in a single incident. A prolonged attack on a satellite telecommunications organisation lasted 689 minutes, highlighting the potential for significant operational disruption.

Cameroon recorded 811 attacks, with its largest incident reaching an impressive 200.43 Gbps, surpassing Nigeria’s peak bandwidth. This high-intensity attack underscores the growing threat of large-scale DDoS campaigns in the region, even in countries with fewer total incidents.

Meanwhile, Côte d’Ivoire, Guinea, and the Republic of the Congo reported lower attack frequencies, with 495, 341, and 329 incidents, respectively. Côte d’Ivoire faced the region’s largest attack among these nations, at 8.66 Gbps, primarily targeting wired telecommunications carriers. In Guinea, wireless telecommunications carriers were the primary focus, while telecommunications resellers were hardest hit in the Republic of the Congo. The consistent targeting of ICT-related industries across these countries highlights the sector’s vulnerability in West Africa’s digital space.

According to Hamman, “This latest data from NETSCOUT reinforces a critical truth for West Africa: DDoS attacks are not just increasing in frequency but also in intensity and sophistication.”

The ICT sector remains a primary target across the region, as its critical role in economic and social activities makes it an attractive target for cybercriminals. The report also highlights the adaptability of threat actors, who tailor attacks to exploit local industries, from beauty salons in Nigeria to footwear manufacturers in Ghana.

Globally, NETSCOUT reported over 2.1 million DDoS attacks targeting wired telecommunications carriers, underscoring the sector’s universal vulnerability. West Africa’s experience mirrors this trend, with the region’s growing connectivity driving both economic opportunities and cyber risks. As nations like Mali and the DRC see increased attack volumes, the need for scalable, resilient cybersecurity frameworks becomes more urgent.

As West Africa continues to digitise, the rise in DDoS attacks poses significant risks to economic stability and critical infrastructure. Hamman emphasised the need for organisations to adopt proactive defence strategies, including continuous risk assessments and investment in advanced cybersecurity tools. Regional collaboration is also essential to counter the evolving threat landscape effectively.