West Africa is facing a new dimension of cyberthreats. While the number of attacks often dominates headlines, a quieter but equally dangerous trend is emerging: prolonged, ‘slow burn’ distributed denial of service (DDoS) attacks that can hold critical services offline for hours.
As noted by NETSCOUT SYSTEMS, INC. with the release of its latest global threat intelligence report, Côte d’Ivoire, Burkina Faso and Mali were all subject to lengthy incidents within the first six months of 2025, effectively putting the digital infrastructure of these countries through a gruelling endurance test.
Côte d’Ivoire suffered through the longest DDoS attack within the region, at an average duration of more than 415 minutes (almost seven hours), followed by Burkina Faso at 356.49 minutes (close to six hours), and then Mali at 336.63 minutes (more than 5.5 hours).
Bryan Hamman, regional director for Africa at NETSCOUT explains: “These extended attacks demonstrate that West African countries are not just facing frequent onslaughts – they are enduring hours-long disruptions that put critical services to the test.
“This is of particular significance when looking at the types of organisations exposed to these attacks. Telecommunications was overwhelmingly the hardest hit in all three countries: of Mali’s 4,145 incidents, more than 95 percent (3,951) affected wireless telecommunications organisations. Likewise for Côte d’Ivoire where, although with far fewer strikes overall (611), wireless telcos were the top of the list, with wired carriers coming in second. Burkina Faso measured in at 168 attacks in total for the six-month period, with 85 percent (143) of these within the wired telecommunications carrier space.
“A DDoS that lasts for six or seven hours will most definitely affect service availability in a major way, impacting on user access, revenue loss and reputational damage. The fact is that cybercriminals are not just launching many small or brief attacks; in some places, they are sustaining pressure. This could indicate changes in objectives, such as disruption rather than data theft, hacktivism or even experimentation in testing resilience,” he comments.
Comparative insights across the region: Mali and Nigeria
As previously stated by Hamman, Mali not only experienced one of the longest DDoS attacks in West Africa during the first six months of 2025, but it also saw the most incidents.
When compared to historically high-volume countries, such as Nigeria, Ghana and Guinea, it’s clear that Mali has seen the fastest growth trajectory in the region – from 115 in the first half of 2024, to 1,637 in the second part of the year, skyrocketing again to a staggering 4,145 for 1H 2025 – more than double Nigeria’s total of 1,844 from January to July this year.
“This could potentially be the result of ongoing political instability within the country, and early-stage cybersecurity capacity, in combination with its growing internet penetration.”
Nigeria did, however, still experience the most complex incidents within the region. The maximum number of vectors observed in a single attack was 23, the highest on the continent, as seen in other African countries such as South Africa, Kenya and Libya.
“Interestingly, while its top industries targeted did include wireless telcos as number one, Nigeria uniquely recorded 108 incidents aimed at beauty salons, the only country in the world to have this sector noted in NETSCOUT’s global report. Commercial banking was placed in fourth spot, with household appliances, electric houseware and consumer electronic merchant wholesalers rounding out the list in eight position.”
Countries seeing declines in DDoS incidents
In contrast to Mali, Côte d’Ivoire and Burkina Faso, which experienced protracted ‘slow burn’ attacks, other West African countries saw either lower volumes or a decrease in DDoS activity in the first half of 2025.
Ghana and Liberia for example, two countries that were highly affected in 2024, saw a significant drop for the first six months of this year.
From January to July 2024, Ghana led the West African region in both the frequency and diversity of cyber threats, subjected to a total of 4,753 attacks. This dropped significantly to 917 in the second half of 2024. The country has once more seen a drastic decrease in DDoS attacks of more than 80 percent, recording just 152 incidents for 1H 2025, albeit with a complex combination of attack vectors (18 seen in one incident). The telecommunications sector was almost exclusively under fire within the country, including wired telco businesses (94), wireless carriers (24) and satellite communications organisations (7) listed as the most targeted.
Similarly, 1,515 incidents were documented for the first half of 2024 in Liberia, with a slight decline to 1,189 for the latter part of the year. This has dipped again by more than 76 percent to 280 over 1H 2025, mostly focused on computing infrastructure providers (76) and wireless telcos (74).
Cameroon recorded 449 incidents; a notable decline compared to the previous reporting period of 811. The attacks primarily targeted wireless telecommunications carriers (448 of 449 incidents), and the average duration remained relatively short at just more than 35 minutes, highlighting a very different threat profile compared with the slow-burn nations.
The Republic of the Congo experienced 101 DDoS incidents, also mostly directed at wireless telecommunications carriers (26 incidents), with an average duration of around 22 minutes.
Guinea reported 141 incidents, with wireless telcos again the top target (37 attacks). Although the average duration was slightly longer than 41 minutes, the total number of incidents represents a significant reduction from the prior period (down from 341), indicating a regional easing in both frequency and impact.
“These countries demonstrate that not all West African nations are experiencing the slow-burn phenomenon,” comments Hamman. “While volumes and durations vary, the focus remains on telecommunications infrastructure, and sustained mitigation efforts appear to be paying off in places like Cameroon, the Republic of the Congo, and Guinea.”
NETSCOUT maps the DDoS landscape through passive, active and reactive vantage points, providing unparalleled visibility into global attack trends. NETSCOUT protects two-thirds of the routed IPv4 space, securing network edges that carried global peak traffic of over 800 Tbps in 1H2025. It monitors tens of thousands of daily DDoS attacks by tracking multiple botnets and DDoS-for-hire services that leverage millions of abused or compromised devices.
