Distributed Denial of Service (DDoS) attacks continue to plague South African businesses, with a more than 60 percent jump in incidents tracked over the first half of 2025 when compared to the last six months of 2024. This is according to NETSCOUT SYSTEMS, INC., which has released its latest global threat intelligence report, noting an increase from 130,931 attacks between July and December 2024, to 213,523 from January to June 2025.
Within the broader Southern African region, South Africa was followed by Mauritius, which saw a slight decrease in attacks — down to 38,906 from 41,800 in the previous six months. In third place was Angola, which dealt with 4,792 incidents so far in 2025, a sharp drop from the 19,046 reported in 2H 2024.
Botswana’s attacks averaged nearly 59 minutes, the longest in the region, followed by Angola at 53 minutes. This demonstrates that even countries with relatively fewer attacks can still experience disproportionately severe impacts.
Markets such as Zambia and Zimbabwe were also not spared, highlighting that no economy in the region is beyond the reach of global attackers.
The findings show a clear pattern: highly connected countries, particularly those with cable landing stations and growing digital hubs, are prime targets. South Africa, for instance, is a mature digital hub, boasting the highest number of submarine cable landings and a robust data centre market. Angola is emerging as a digital corridor for Central and Southern Africa, with connectivity supported by multiple subsea cables, while Mauritius is positioning itself as a hub at the crossroads of Africa and the Indian Ocean.
South Africa remains regional epicentre
Not only did South Africa once again dominate the region’s attack volumes, the country also suffered Southern Africa’s largest single attack, peaking at 312 Gbps, while aggregate traffic spikes in June reached a staggering 3 Tbps in a single minute.
Telecommunications absorbed the bulk of attacks, but South Africa further ranked globally among the most heavily targeted countries in industries such as insurance, other computer-related services and portfolio management, where it topped the list worldwide.
Angola and Mauritius experience outsized impact
While enduring fewer strikes than South Africa in overall volume, Angola and Mauritius did, however, experience some of the most powerful individual assaults.
In fact, Angola recorded an attack of 82.04 Gbps and throughput of 20.7 Mpps, with average attack durations exceeding 53 minutes, the second-longest in the region. Mauritius, meanwhile, logged one of the region’s largest aggregate spikes, hitting 150 Gbps, alongside a high number of events for a relatively small island nation.
Emerging targets
Botswana registered only 264 attacks, a substantial decrease from 981 in 2H 2024, but, with an average duration of almost 59 minutes, it suffered the longest-running incidents in the region. This has effectively doubled since the second half of last year.
Zambia saw relatively modest volumes (373 attacks) but one of the most dramatic surges, with an aggregate peak of 20 Gbps and individual attacks as large as 1.75 Gbps. Having measured the lowest number of DDoS events in the region, at 153, for the last six months of the year, this shows that the country is increasingly in the crosshairs of cybercriminals. Interestingly, gasoline stations rated as the third most attacked sector for the country, after wireless telecommunications and other computer related services.
For the first half of 2025, Eswatini’s 149 attacks might be among the lowest in Southern Africa, yet its peaks reached 12 Gbps with up to 11 simultaneous attack vectors. Mozambique reported 592 attacks, including a spike to 1 Gbps, while Zimbabwe recorded 269 attacks, with average incidents lasting more than 30 minutes. In each case, telecommunications and IT services were common targets.
“NETSCOUT’s latest Threat Intelligence Report findings demonstrate how DDoS attack activity in Southern Africa is escalating in both scale and sophistication, and in particular is hitting industries that are critical to national economies,” said Bryan Hamman, regional director for Africa at NETSCOUT. “Organisations need visibility and resilience strategies to ensure they can withstand these increasingly complex threats on an ongoing basis. No country, no sector, is safe.”
NETSCOUT maps the DDoS landscape through passive, active and reactive vantage points, providing unparalleled visibility into global attack trends. NETSCOUT protects two-thirds of the routed IPv4 space, securing network edges that carried global peak traffic of over 800 Tbps in 1H2025. It monitors tens of thousands of daily DDoS attacks by tracking multiple botnets and DDoS-for-hire services that leverage millions of abused or compromised devices.
