Bryan Hamman, regional director for Africa at NETSCOUT.

Kenya, Nigeria, and South Africa's financial institutions are vulnerable to Distributed Denial of Service (DDoS) attacks.

According to Netscout's 1H2024 DDoS Threat Intelligence Report, financial services firms in Africa continue to fall prey to DDoS attacks, with Kenya, Nigeria, and South Africa identified as key targets.

Bryan Hamman, regional director for Africa at Netscout, says: “The financial services sector -which encompasses organisations such as banks, insurance companies, investment houses, real estate companies and lenders – remains a lucrative target for cybercriminals due to the critical nature of its operations and the value of its data.

“Understandably, service availability in industries such as banking is of paramount importance, and disruptions of any type can have far-reaching consequences.

“Over the past year or so, we have seen intensification in the activities of geopolitically motivated hacktivists and their coordinated DDoS attack efforts aimed at banking and financial services.

“One particular threat actor known as NoName057(16), which has garnered notoriety for developing and distributing custom malware as well as for its innovative use of gamification in cyberwarfare, has claimed 222 attacks against the global banking and financial services sector for the first six months of the year.

“And, in fact, this industry has generally been the most targeted by all noted hacktivist groups for the first half of 2024.”

Netscout also noted that DDoS attacks against the insurance industry, in particular, were a source of worry across the Europe, Middle East, and African (EMEA) region, with 10 840 attacks targeting this type of organisation over the six-month period, the majority of which occurred in South Africa.

South African insurance firms and brokerages suffered the brunt of the industry's EMEA-wide incidents, with 10,720 attacks over a six-month period.

The greatest of these occurrences peaked at 183.84Gbps, generating disruptions with a maximum effect of 40.74Mpps and an average attack time of 15 minutes.

According to the Netscout survey, Kenyan portfolio management and investment advisory firms, as well as certified public accountants, were among the country's top five most targeted industries.

Furthermore, commercial banking in Kenya was named the eighth most vulnerable industry, while in Nigeria, local title abstract and settlement offices were targeted by DDoS attacks.

“DDoS attacks are becoming more sophisticated and harder to mitigate,” Hamman says. “Cyber-criminals are now leveraging advanced techniques to overwhelm financial institutions, often targeting infrastructure components like Domain Name System servers that are critical for digital services.

“As African economies continue their digital transformation, it is clear that financial institutions must adopt robust cybersecurity measures to mitigate the rising DDoS threat. A critical step in this process is to adopt adaptive DDoS protection strategies, including real-time traffic monitoring, automated response systems and comprehensive incident response plans,” he concludes.