Kenya & Mauritius Lead East Africa’s Cybercrime Battle

: Kenya and Mauritius face rising DDoS attacks, topping East Africa. Discover
what drives these threats and how nations are fortifying defences.

Kenya and Mauritius are increasingly becoming hotspots for cybercrime in East Africa,
according to the recently released NETSCOUT 1H2024 DDoS Threat Intelligence
Report (TIR).

Both countries recorded the highest volumes of Distributed Denial-of-Service (DDoS)
attacks in the region, with cybercriminals deploying increasingly sophisticated, multi-
vector techniques to disrupt services.

DDoS SURGE IN KENYA AND MAURITIUS

Bryan Hamman, Regional Director for Africa at NETSCOUT, emphasised the growing
threat.

“Kenya and Mauritius are bearing the brunt of DDoS attacks in East Africa. Attackers
are not only increasing the volume but also leveraging multi-vector approaches that
make detection and mitigation far more challenging,” Hamman explained.

In Kenya, where the tech ecosystem thrives on innovations such as M-Pesa and
expansive mobile banking services, the Communications Authority of Kenya (CA)
reported a 12% increase in cyberattacks in the first half of 2024, translating to 459
million incidents.

Similarly, Mauritius, recognised as a financial hub, saw a sharp rise in attacks on its
financial services sector, a key contributor to its GDP.

WHAT DRIVES THE TARGETTING OF KENYA AND MAURITIUS?

Technological Advancement:

Both nations are at the forefront of digital transformation in East Africa, which,
while driving economic growth, also exposes vulnerabilities. Hamman noted,
“The more interconnected these economies become, the larger the attack
surface for cybercriminals.”

Economic Significance:

Kenya’s dominance as a regional tech hub and Mauritius’s role in global financial
services make them prime targets for malicious actors seeking to exploit high-
value systems.

Insufficient Cybersecurity Infrastructure:

Despite advancements, gaps in cybersecurity frameworks persist. For instance,
Kenya’s Data Protection Act of 2019 and Mauritius’s cybersecurity strategy have
struggled to keep pace with the sophistication of modern cyber threats.

COMPARISON WITHIN EAST AFRICA

While Kenya and Mauritius grapple with these challenges, regional peers like Rwanda
and Tanzania have demonstrated resilience.

• ● Rwanda: Known for its proactive measures, such as the National Cyber Security
• Authority (NCSA), Rwanda has kept DDoS incidents relatively low. In the first half
• of 2024, the country reported only 36 million attacks.
• ● Tanzania: With the establishment of its Computer Emergency Response Team
• (CERT) in 2020, Tanzania has reduced phishing and ransomware incidents by
• 35% and 20%, respectively.

IMPACT OF CYBERCRIME

The repercussions are severe, affecting sectors critical to economic stability:
● Kenya: The banking and telecommunications sectors, central to the country’s
GDP, have faced significant disruptions. Safaricom reported a two-hour outage in
April 2024 linked to a DDoS attack, costing millions in lost revenue.
● Mauritius: The financial services industry has suffered data breaches and
operational downtimes, undermining investor confidence.

RECOMMENDATIONS FOR ACTION

Enhanced Cybersecurity Policies:

Governments must update regulations to reflect evolving threats. Public-private
partnerships can also drive innovation in defence mechanisms.

Regional Collaboration:

Establishing an East African Cyber Defense Alliance could enable nations to
share threat intelligence and resources.

Investment in Education and Awareness:

Cyber hygiene training for individuals and businesses can help minimize
vulnerabilities, particularly against phishing attacks and social engineering
tactics.

Adoption of Advanced Technologies:

Leveraging tools like AI-driven threat detection can provide real-time responses
to attacks.

CONCLUSION

As cybercriminals grow bolder and more sophisticated, Kenya and Mauritius must
accelerate efforts to fortify their defences. “A regional approach that blends technology,
policy, and awareness is key to turning the tide against these threats,” Hamman
concluded.
The path forward is clear: a united East African front, coupled with robust internal
reforms, can transform the region from a target to a cybersecurity stronghold.