Kenya Emerges As Target In Global DDoS Surge

Kenya is drawing increasing global attention as a high-priority target in the evolving cyberthreat landscape. According to the latest findings from NETSCOUT, the country is experiencing a surge in sophisticated distributed denial-of-service (DDoS) attacks, particularly across high-value digital and financial sectors.

The NETSCOUT Threat Intelligence Report for the second half of 2025 places Kenya among the most targeted countries globally in specific industries. Notably, the country ranks second worldwide in both other computer-related services and portfolio management and investment advice. These sectors are foundational to digital operations and financial ecosystems, making them especially attractive to cybercriminals aiming to maximise disruption.

The data signals a broader shift in how attackers operate. Rather than relying on opportunistic attacks, threat actors are increasingly focusing on strategically important industries and digitally advanced markets. Kenya’s rapid digital transformation and its role as a regional technology hub have made it a prime candidate for this more deliberate form of cyber targeting.

Within East Africa, Kenya continues to record the highest number of DDoS incidents, with more than 51,000 attacks observed during the reporting period. However, volume alone is no longer the primary concern. The nature of these attacks is changing, becoming more persistent, coordinated and technically complex.

Bryan Hamman, Regional Director for Africa at NETSCOUT, notes that the average attack duration now exceeds 100 minutes, underscoring a clear intent to disrupt operations rather than simply probe systems for weaknesses.

Modern DDoS campaigns are no longer simple floods of traffic. Attackers are deploying multi-vector strategies that combine multiple techniques simultaneously. These include TCP ACK, DNS amplification, TCP RST and ICMP flood attacks, sometimes layered into a single campaign using up to 21 different methods.

This level of sophistication allows threat actors to bypass traditional security measures and sustain disruptions for longer periods. It also raises the bar for organisations, many of which are still relying on reactive cybersecurity approaches that struggle to keep pace with such complex threats.

Telecommunications providers remain the most heavily targeted sector in Kenya, reflecting their role as the backbone of digital connectivity. Wireless carriers, in particular, are experiencing both the highest number of incidents and the longest attack durations, with some disruptions lasting more than three hours.

The implications are significant. Disruptions at the telecom level can cascade across entire economies, affecting everything from financial transactions to cloud services and everyday communications. While telecoms remain a primary focus, attackers are widening their scope. Financial services, data hosting, hospitality and retail sectors are all experiencing increased levels of sustained targeting. This trend mirrors Kenya’s expanding digital economy, where more industries are coming online and becoming part of an increasingly interconnected ecosystem.

At the heart of many of these attacks are botnets, vast networks of compromised devices that can be orchestrated to launch large-scale, distributed campaigns. These networks enable attackers to scale their operations rapidly, targeting multiple sectors simultaneously and amplifying the overall impact.

For Kenyan organisations, the message is clear: cybersecurity strategies must evolve. The growing sophistication of attacks means that traditional, reactive approaches are no longer sufficient.

Hamman emphasises the need for intelligence-driven security strategies that can anticipate, detect and mitigate threats in real time. As digital adoption accelerates, resilience is becoming a business-critical priority rather than a technical afterthought.

“No sector is immune,” he notes, highlighting the importance of building systems that can withstand and adapt to ongoing attacks.

NETSCOUT’s visibility into global internet traffic underscores the scale of the challenge. The company protects two-thirds of the routed IPv4 space and monitors tens of thousands of daily DDoS attacks across 376 industry verticals and nearly 13,000 autonomous system numbers.

For Kenya, this places its cyber risk within a much larger global context, one where the stakes are rising alongside digital growth. As the country continues to position itself as a digital leader in Africa, the ability to secure its infrastructure and services will be critical, not just for protecting businesses, but for sustaining trust in its digital economy.