DDoS Attacks Report for Q2 2024: Middle East and Africa (MENA)

DDoS attacks in the Middle East and Africa region increased by 211% in Q2 2024. This makes MENA the second fastest-growing region for DDoS traffic.

In this report, we will explore the reasons behind this growth, identify the most targeted industries, and highlight the countries experiencing the highest number of attacks.

Introduction

Welcome to the Q2 2024 DDoS Threat Report for the MENA region. This report details DDoS attacks on StormWall’s clients in the Middle East and Africa during the second quarter of 2024, as monitored by our traffic filtering network.

StormWall’s network, handling peak loads of up to 4500 Gbit/s and with points of presence in Dubai, protects hundreds of businesses from DDoS traffic — ranging from large enterprises to local SMEs. This data gives us unique insights into the state of DDoS threats in MENA and beyond.

If you want to learn about the state of DDoS attacks worldwide, read our DDoS Attack Report Q2 2024 Global Edition.

Q2 2024 Main Trends

We'll start with a breakdown of the trends that shaped the DDoS threat landscape in the MENA region in the second quarter of 2024.

• DDoS attacks in MENA increased by 211% year-over-year in Q2 2024. The region now ranks second globally in attack growth, behind Europe but ahead of APAC. This comes from rising geopolitical tensions and more profit-driven attacks.
• The financial sector was the most targeted in Q2 2024, accounting for 38% of all attacks and seeing a 268% year-over-year increase. This shows that more cybercriminals are focusing on high-value targets for financial gains.
• Government organizations, previously the most targeted vertical, remain under heavy fire, making up 16% of attacks with a 153% increase. The ongoing Israeli-Palestinian conflict is a key driver, fueling attacks on government infrastructure.
• Hackers are increasingly using carpet bombing attacks, with their usage up 192% year-over-year. These attacks target a wide range of IP addresses on a network rather than focusing on a single IP, effectively overwhelming broader network infrastructure.
• DNS-based attacks are up 68%, while UDP attacks increased by 37%. This shows attackers are using a wider variety of methods to breach networks in the region.

To learn more about how these trends are shaping the DDoS threat landscape in MENA — continue reading.

Malicious Traffic in MENA up 211%

In the second quarter of 2024, there was a shift in how the regions with the highest growth in DDoS attacks rank — and MENA moved into second place. The top three regions by attack volume growth are now:

1. Europe.
2. MENA.
3. APAC.

As has been the case in previous quarters, geopolitics continues to play a major role in where DDoS attacks land. Because of instability in the Middle East, government services are dealing with attacks from hacktivists and APTs — organized criminal groups driven by ideology. These groups often operate with government support.

The Israeli-Palestinian conflict, which began in October 2023 and is still unresolved, is a major factor. However, MENA is now experiencing a sort of turning point.

In the first quarter of 2024 we reported that the majority  of the malicious traffic in MENA came from hacktivists. This quarter, this share dropped sharply — or rather, the share of profit-draining attacks increased. That’s a sign that profit-driven hackers have become more active in MENA.

This shift has shaken up the most targeted industries. For the first time in a long time, the financial sector is the most targeted (more than the government sector), accounting for 38% of attacks with a 268% increase year-over-year. This is followed by the retail sector with 19%, and only then comes the government vertical with 16%.

In all, this means that attacks in the Middle East are becoming more unpredictable, and any industry can be hit hard at any time.

DDoS attackers diversify their arsenal in MENA

As the volume of DDoS attacks in the MENA region increased, attackers also diversified the technologies they use. Three types of attacks showed the highest adoption rates:

• Carpet bombing attacks increased by 192% quarter-over-quarter. This technique targets a wide range of IP addresses within a network, rather than focusing on a single IP. It's typically used against large organizations with complex networks, such as those in the financial sector.
• DNS attacks increased by 68% quarter-over-quarter. DNS attacks exploit vulnerabilities in the Domain Name System, often overwhelming DNS servers or hijacking legitimate DNS traffic. These attacks are most commonly used against targets with wide online infrastructure, such as telecommunications providers that rely on hundreds of domain names to provide their services.
• UDP flood attacks increased by 37% quarter-over-quarter. In these attacks, hackers send a flood of UDP packets to random ports on a target system. UDP floods are simple but effective. Hackers deployed this technique against targets with limited bandwidth, in particular, targeting smaller government agencies.

Attack Share by Vertical

Now let's break down how attacks on different verticals changed from last quarter to this quarter:

• financial and payment services jumped from 9% of total attacks in Q1 to 38% in Q2 2024. This sector now leads in attack volume, with a 268% year-over-year growth,
• retail wasn't spared either, going from 5% of attacks in Q1 to 19% in Q2, making it the second most targeted vertical. Retail saw a 192% year-over-year increase in attacks,
• government services, previously the most targeted sector with 34% of attacks in Q1, dropped to third place with 16% in Q2,
• hackers focused less on manufacturing and IT verticals, and these industries don't appear on the list of most attacked industries in MENA in Q2 2024,
• instead, many attackers targeted the entertainment industry, which accounted for 10% of the attacks and saw a 211% increase year-over-year. This sector wasn't even on the top list in Q1.

And here’s a more detailed analysis of the top 3 most attacked verticals:

1. Financial and payment services

In this vertical, there was a 38% share of attacks and 268% YoY growth — it’s  the highest growth spike in MENA across all verticals. Most attacks occurred in the banking subvertical, followed by payment processing.

Profit-driven attackers have, in a sense, awakened in the region and began hitting financial services hard. They employ DDoS attacks in two distinct ways.

How hackers attack financial services? The first type of attack is straightforward — hackers try to overwhelm the victim's servers, cause system latency or outages, and hold the company for ransom. Atlassian estimates that an hour of downtime costs between $100,000 and $540,000, depending on the company's size. Hackers gamble that paying the ransom will be cheaper for a financial company than enduring prolonged downtime.

(At StormWall, we recommend never paying the ransom — there's no guarantee that the attackers will keep their word. It's much safer (and cheaper) to connect reliable DDoS protection.) 

The second attack type is called smokescreening — hackers use a DDoS attack as a decoy, aiming to flood the victim's SOC team with alerts, cause confusion and divert attention away from the real threat. While the SOC team is busy dealing with the DDoS attack, the attackers infect the target system with ransomware, a data stealer, or spyware. In this case, they're after the victim's data.

2. Entertainment

The entertainment sector has become the second most attacked vertical, accounting for 19% of all incidents and showing a 211% year-over-year growth. Hackers have primarily targeted online gaming and streaming services.

Why have hackers focused on the entertainment vertical in MENA? Attacks on the region's gaming industry have been on the rise for some time, with a 62% increase in June 2024 alone. Entertainment, and e-sports in particular, is a lucrative business in the MENA region, but it's highly susceptible to DDoS attacks due to its immediate, real-time nature. Traffic floods can easily disrupt both tournaments and streaming experiences by causing latency.

What's more, the Esports World Cup is set to kick off in the UAE from July 3 to August 25, and it's likely that cybercriminals are preparing to ramp up attacks on the industry when it begins.

High-profile gaming events attract millions of viewers, but the potential for disruption can go beyond ruined gaming or streaming experiences. With attackers often targeting the underlying infrastructure, the impact can be felt on a wide scale. As happened in Andorra during the 2022 SquidCraft games, a prominent MineCraft event, an entire country was temporarily left without internet.

In the past, attacks targeting the gaming sector in the MENA region (successfully mitigated by StormWall) have exceeded 1 Tbps. In addition to the massive amount of traffic, the attackers mimicked requests from legitimate users, making filtering more difficult than usual.

3. Government

Government services accounted for 16% of total DDoS attacks in MENA during Q2 2024, showing a 153% year-over-year increase. This spike is significant and shouldn't be taken lightly. However, attack volumes are rising even faster in other sectors, which comparatively pushes the government vertical down.

Why government services remain a prime target? The ongoing geopolitical instability in the MENA region has led organized groups of hackers to continue targeting public-facing government websites and services. It's a tactic to create chaos by making these resources inaccessible. During election periods, it's also a method to potentially skew results.

DDoS Attacks in MENA: Breakdown by Country

The pattern with the most attacked countries echoes what we discussed earlier with the most targeted industries — countries with the largest economies face the most attacks. The UAE leads with 27% of attacks, followed by Saudi Arabia at 14%, and Kuwait at 12%.

These countries are undergoing digitization across various economic sectors, with significant penetration of e-commerce and online banking, attracting profit-driven criminals.

Conversely, countries where most attacks are politically motivated have dropped down the list. For instance, Israel's share of attacks is now 6%, down from 12% last quarter, and Palestine is at the bottom with just 3%, down from 5% last quarter.

Overall, this indicates a regional shift from politically motivated attacks to financially motivated ones.

Wrapping up

In Q2 2024, the MENA DDoS threat landscape shifted toward more profit-driven attacks, the Israeli-Palestinian conflict continued to fuel hacktivism, while cybercriminals increasingly targeted high-value sectors. Here are the key takeaways:

• DDoS attacks in MENA are up by 211% compared to Q2 2023,
• the financial sector became the prime target, accounting for 38% of attacks,
• the entertainment sector was the second most-targeted accounting for 10% of attacks,
• government services, while still heavily targeted, dropped to third place with 16% of attacks,
• carpet bombing attacks are up by 192% — a trend towards more sophisticated attack methods.

Looking ahead, the MENA region's DDoS threat landscape is becoming increasingly unpredictable. The best way to protect yourself is to adopt robust DDoS protection in advance. As it stands, the impact of DDoS attacks can be felt in any industry, and the wisest course of action is to be prepared to face them.

cta1