There is both good news and bad news for telecommunications and IT companies across Africa. Here’s the positive news, according to global management consulting firm McKinsey.  The trends shaping mobile, wireless and broadband communications across the continent indicate a strong long-term growth trajectory for the African ICT sector. The unsettling news is that threat actors have this vertical firmly in their sights and are ramping up cyberattacks accordingly.

Interpol’s Operation Red Card cracks down on cybercrime across Africa, 306 arrested

McKinsey clarifies that telecommunications companies across Africa have significant opportunities to achieve financial growth and profitability while boosting digital inclusion across the continent.  This is in spite of various inherent challenges such as regulatory complexities and infrastructure gaps. Although this is excellent news for nations and individuals wanting to embrace the convenience of e-commerce and mobile money, as well as new growth avenues in key sectors such as agriculture, energy and healthcare, there are envious eyes on the prizes that this vibrant and economy-altering digital sector offers.

According to NETSCOUT’s 2H2024 DDoS Threat Intelligent Report (TIR), which is its 14^th issue, threat actors are increasingly targeting the rapidly evolving African ICT sector via distributed denial of service (DDoS) attacks, with a significant majority of the top targeted sectors per country being computer and IT-related, or else telecommunications carriers. This is consistent with global trends (as will be seen in more detail below).

DDoS attacks – which flood servers, applications or other network areas to render them unavailable and disrupt the availability of services – are frequently used to disrupt critical services, often for geopolitical reasons as well as to extort ransoms.

“The IT and telecommunications sectors are crucial for significant economic and individual growth around the globe,” says Bryan Hamman, regional director for Africa at NETSCOUT. “These technologies have the power to connect businesses and individuals and are key in driving innovation across Africa.”

A breakdown of the top 10 global vertical targeted arenas is as follows:

“We can clearly see that the ICT space overall was an extraordinarily attractive target worldwide for DDoS threat actors over the second half of 2024,” clarifies Hamman, “and in addition, almost every category above showed an increase in the attack count for the second half of 2024 compared to the strikes recorded for the first six months of the year.

“The global attacks on the wired telecommunications carriers numbered over two million (2,123,675) for this recorded period, while the equivalent hits against wireless telecommunications carriers (except satellite) came in at just under one million (937,256).”

A rundown of the top 10 Europe, Middle East and Africa (EMEA) region vertical targeted arenas is as follows (noting the exact duplication of the top three targeted sectors reflecting for the EMEA region as for the global picture):

Says Hamman: “The statistical breakdowns outlined above for the wider EMEA region again show, quite clearly, the premium that is placed on the telco and broader technology industries by DDoS threat actors. As we will see when looking more closely into Africa itself, almost no countries are spared from strikes against their ICT industries.”

“When we scrutinise the statistics for the continent across the IT and telecommunications space, the NETSCOUT report shows that, for example, South Africa was the most targeted country for ‘attacks across computer services design systems’, with Liberia in West Africa coming in third (after Japan and before the United States),” outlines Hamman.

“And when looking at the top five targeted countries for hits on ‘other computer related services’, four out of the five countries under attack globally were African, with the United States being the regional outlier, in order of South Africa, Kenya, US, Mozambique and Zambia.”

Below follows a round-up of African countries showing where the top targeted verticals fall into either the IT arena, or else are related to strikes against telecommunications providers. The top one or two verticals are outlined each time per country unless otherwise specified. The link to the in-depth country overview from NETSCOUT is supplied for interest and further input.

• wired telecommunications carriers is followed by web search portals and all other information services, with wireless telecommunications carriers (except satellite) in third position.
• Again there is a heavy ICT emphasis on Uganda’s top four targeted DDoS attacks, withwireless telecommunications carriers (except satellite) listed first, followed by computing infrastructure providers; wired telecommunications carriers; and all other telecommunications in fourth place.
• other computer related services.
• all other telecommunications.

Why telco are prime targets

“Telecommunications companies are prime targets due to the significant subscriber data that they possess, both personal and financial,” confirms Hamman.

“ICT organisations in general are also an important part of critical infrastructure for both businesses and individuals, and disruption or downtime can have massive implications, which speaks to geopolitical strikes and also enables ransomware operators to apply more pressure.”

He adds: “Many telecommunications companies are now also involved with mobile payments and fintech partnerships, which means that they are no longer operating purely as connectivity providers but are also playing a key role within the financial services landscape. The accompanying data that they are privy to makes them even more desirable as a DDoS target.

“In answer, organisations and sovereign nations cannot be complacent but must look to their security providers for assistance and protection, in order to keep these vital cogs in the digital landscape continuing to turn smoothly and optimally for the greater good and to enable economic growth,” Hamman concludes.

NETSCOUT’s DDoS proactive protection strategies include comprehensive incident response plans, real-time traffic monitoring and intelligent threat mitigation, as well as access to the NETSCOUT Cyber Threat Horizon for real-time global attack statistics.