DDoS Attacks in MENA: 2024 Report by StormWall

The rapid growth of the digital economy, evolving geopolitical tensions, and expanding digital infrastructure in the Middle East and North Africa (MENA) have made the region a prime target for cybercriminals—especially those behind distributed denial-of-service (DDoS) attacks.

This report takes a deep dive into DDoS attacks targeting StormWall customers across the Middle East and Africa. Our traffic filtering network handles peak loads of 5 Tbps, protecting hundreds of companies—from large enterprises to small businesses. This broad coverage gives us a unique perspective on the evolving DDoS threat landscape in the region.

DDoS Attacks in MENA: Key Trends

DDoS attacks in the MENA region surged by 216% in 2024 compared to the previous year—the highest year-over-year increase ever recorded by StormWall. While this is a concerning milestone, several key factors contributed to this sharp rise:

  • Carpet-bombing grew by 184%. Attackers increasingly used carpet-bombing, a method where entire IP ranges are flooded with traffic instead of just one server. This approach makes mitigation much harder and amplifies the damage, particularly impacting ISPs, cloud services, and enterprise networks.
  • DNS attacks increased by 73%. Hackers are using DNS amplification and reflection techniques more frequently to overload target infrastructures. These attacks cause major disruptions across multiple industries, leading to widespread service outages.
  • The Israel-Palestine conflict and evolving alliances in the region, such as the UAE’s growing ties with Russia, have played a major role in altering attack patterns. Hacktivists are prioritizing headline-grabbing disruption over financial gain through ransom. Politically motivated attacks are often more difficult to mitigate than profit-driven ones, as targets have no leverage to negotiate with attackers (although negotiating with threat actors is never recommended). As a result, the implementation of robust DDoS protection measures is crucial.
  • The financial sector, government services, and e-commerce were the top targets for DDoS attacks in 2024. Financial institutions in the UAE took the heaviest hits, with banks and fintech companies facing persistent attacks. Government services in Iran and Saudi Arabia also saw a surge in politically motivated incidents.

Shift from Targeted to Broad-Spectrum Attacks

In 2024, DDoS carpet-bombing attacks surged by 184%, marking a significant shift in attacker tactics. Instead of targeting individual IPs, cybercriminals began flooding entire IP ranges, making these attacks far more destructive. This method overwhelms ISPs, cloud providers, and enterprise networks simultaneously, making defense much more difficult and increasing the overall impact.

One of the most severe carpet-bombing campaigns took place in early 2024, when attackers targeted a major UAE-based ISP. The attack threatened to take thousands of businesses offline, including banks and e-commerce platforms. Fortunately, StormWall’s DDoS protection successfully mitigated the attack.

This tactical shift appears to be closely linked to rising geopolitical tensions in the region. As the Israel-Palestine conflict escalated, hacktivists increasingly turned to carpet-bombing attacks to gain media attention and create widespread disruption. For instance, during the Israel-Hamas war escalation in June and amid protests in October, attackers targeted ISPs in both Israel and Palestine, flooding them with massive waves of traffic. Similarly, Saudi Arabian government websites experienced repeated attacks that disrupted critical public services.

To defend against these evolving threats, organizations must strengthen their traffic monitoring and mitigation capabilities. Subnet-wide traffic analysis, filtering at the ISP level, and redundant network paths are essential to ensuring resilience. Infrastructure should be distributed across multiple IP ranges rather than concentrated in a single subnet. Real-time traffic monitoring and the ability to instantly reroute malicious traffic through DDoS mitigation centers are now crucial for minimizing disruptions. As attackers refine their tactics, modern, adaptive DDoS protection is no longer optional—it’s essential.
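
The subnet-wide traffic analysis described above, as an added example (not StormWall's code): it shows why a per-IP threshold misses a carpet-bombing flood that a per-prefix aggregate catches. The thresholds, the /24 grouping, and the `(dst_ip, bits_per_second)` flow format are assumptions, and the sample data is constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed thresholds for one measurement interval; tune to your own baseline.
PER_HOST_BPS = 100_000_000       # classic per-destination alert: 100 Mbps
PER_PREFIX_BPS = 1_000_000_000   # aggregate alert per prefix: 1 Gbps
MIN_TARGETS = 64                 # distinct destinations receiving traffic

def per_host_alerts(flows):
    """Destinations a per-IP threshold alone would flag."""
    totals = defaultdict(int)
    for dst, bps in flows:
        totals[dst] += bps
    return {dst for dst, bps in totals.items() if bps >= PER_HOST_BPS}

def analyze(flows, prefix_len=24):
    """Classify each destination prefix from (dst_ip, bits_per_second) samples."""
    prefixes = defaultdict(lambda: defaultdict(int))
    for dst, bps in flows:
        net = ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)
        prefixes[str(net)][dst] += bps
    verdicts = {}
    for net, hosts in prefixes.items():
        # Traffic to hosts that each stay below the per-IP threshold.
        spread = {h: b for h, b in hosts.items() if b < PER_HOST_BPS}
        if sum(spread.values()) >= PER_PREFIX_BPS and len(spread) >= MIN_TARGETS:
            # Large aggregate made of many individually unremarkable flows.
            verdicts[net] = "carpet-bombing"
        elif len(spread) < len(hosts):
            verdicts[net] = "single-target"
        else:
            verdicts[net] = "normal"
    return verdicts

def sample_flows():
    """Constructed sample data using documentation address ranges."""
    flows = [(f"198.51.100.{i}", 8_000_000) for i in range(1, 201)]   # 200 x 8 Mbps
    flows.append(("203.0.113.10", 900_000_000))                       # one hot host
    flows += [(f"192.0.2.{i}", 2_000_000) for i in range(1, 21)]      # background
    return flows

if __name__ == "__main__":
    print("per-host alerts:", per_host_alerts(sample_flows()))
    for net, verdict in analyze(sample_flows()).items():
        print(net, verdict)
```

In the sample, the per-IP check flags only the single hot host, while the 1.6 Gbps spread across 198.51.100.0/24 is visible only in the per-prefix aggregate.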

Top 3 Most Attacked Countries in MENA

DDoS attacks in the MENA region primarily targeted the major economic centers of Saudi Arabia and the UAE, with a secondary focus on politically motivated targets, particularly Iran. 

Traffic analysis reveals that over 75% of DDoS attacks against Iran originated from organized hacktivist groups with established track records of similar activities.

  1. Saudi Arabia. DDoS attacks increased by 263%, with the financial sector, government institutions, and entertainment platforms facing the brunt of the attacks.
  2. UAE. The country saw a 243% rise in attacks, particularly affecting retail, telecom, and government services.
  3. Iran. Attack volume grew by 182%, with a focus on government agencies, manufacturing, and logistics sectors.

DDoS Attack Impact by Industry

Here’s how DDoS attacks were distributed across different sectors:

[Figure: DDoS attacks in MENA, 2024, by industry]

And the table below shows the verticals with the highest year-over-year growth in DDoS attacks in 2024:

[Table: year-over-year growth in DDoS attacks in MENA, 2024, by vertical]

Shifts in DDoS Attack Patterns by Industry

The distribution of DDoS attacks across industries changed significantly from last year, with some sectors seeing a sharp rise in attacks while others experienced a decline.

  • Financial and payment services faced the most dramatic increase, surging from 9% to 34% of total attacks. This 278% year-over-year growth made it the most targeted sector in 2024.
  • Government services remained stable at 18%, continuing to be a key target.
  • Retail saw a notable rise, growing from 12% to 16%, making it the third most attacked sector.

Some industries saw a decline:

  • Telecommunications, previously the most targeted sector at 21% in 2023, dropped to 10% in 2024, marking a 52% decrease in attack share.
  • Transportation, which accounted for 16% of attacks in 2023, dropped out of the top 10 list entirely in 2024.

New and emerging targets included:

  • Entertainment, which became a significant target, now accounting for 7% of total attacks.
  • Logistics, appearing for the first time in 2024, with 3% of total attacks.

Other sectors saw minor shifts:

  • Manufacturing increased slightly from 3% to 4%.
  • Education saw a decline, dropping from 5% to 2%.
  • Oil and gas remained relatively stable, decreasing slightly from 6% to 5%.
  • Energy, which accounted for 2% of attacks in 2023, dropped out of the top 10 in 2024.

The distribution of attacks across industries became slightly more balanced, with the top four verticals accounting for 78% of attacks in 2024, down from 83% in 2023. This shift indicates that DDoS threats are spreading across a broader range of industries rather than being concentrated in just a few key sectors.

Let’s break down the top 3 most attacked industries in more detail.

1. Financial and Payment Services: The Hardest-Hit Sector

DDoS attacks on the financial sector surged by 226% year over year, making up 34% of all incidents—more than any other industry.

Attackers strategically timed their strikes around financial events, with 72% of attacks occurring during peak trading hours. This suggests a deliberate effort to disrupt financial transactions and create chaos in the market.

Some of the most significant attack trends included:

  • A 156% increase in attacks on SEPA-connected banks.
  • A 312% surge in strikes targeting specific API endpoints, making this the fastest-growing attack type.
  • A 184% rise in combined traffic floods and application-layer attacks, indicating more sophisticated multi-vector threats.

Where Were These Attacks Concentrated?

The financial sector in the UAE, Saudi Arabia, and Iran bore the brunt of these attacks:

  • UAE: 42% of all financial sector attacks in MENA.
  • Saudi Arabia: 28% of attacks, heavily targeting banks and fintech companies.
  • Iran: 15%, with government-linked financial institutions among the hardest hit.
  • Bahrain: 8%, primarily affecting investment firms and digital payment providers.
  • Other MENA countries: 7%, indicating that attacks, while concentrated in key markets, still impacted financial institutions across the region.

With financial institutions remaining a prime target, advanced DDoS mitigation strategies are critical to protecting banking infrastructure, preventing downtime, and maintaining trust in digital financial services.

2. Government Services: A Growing Target Amid Political Tensions

Government websites accounted for 18% of all DDoS attacks in MENA, with attack volumes rising 167% year over year. Hackers increasingly targeted public services, digital infrastructure, and election systems, using DDoS attacks to disrupt access and fuel instability.

Election-Related Attacks

During politically sensitive periods, attacks intensified. For instance, during Tunisia’s October 2024 elections, DDoS attacks on government websites spiked by 312% compared to September, with attackers focusing on voter information systems and election results platforms. These disruptions caused temporary outages in several regions, raising concerns about digital election security.

Political Conflicts Driving Attack Patterns

Regional tensions had a significant influence on attack trends:

  • Saudi Arabia’s digital infrastructure faced major attacks during diplomatic meetings, particularly during the Gulf Cooperation Council summit in February 2024. Hackers aimed to disrupt government communications and security-related discussions.
  • Iranian government sites experienced a 234% increase in DDoS attacks, as cyber conflict with Israel escalated throughout the year. Courts, legislative portals, and other critical systems were among the primary targets.

With government agencies becoming high-value targets, stronger cybersecurity frameworks and real-time DDoS mitigation are now essential to ensuring service availability, especially during periods of political uncertainty.

3. Retail: A Prime Target During Peak Shopping Seasons

The retail sector faced 16% of all DDoS attacks in MENA, with attack volumes doubling compared to 2023. E-commerce platforms were hit hardest, especially during major shopping events like Ramadan sales, when cybercriminals and even rival businesses exploited high-traffic periods to disrupt operations and gain a competitive edge.

Saudi Arabia and UAE: The Most Affected Markets

  • Saudi Arabia experienced 38% of all retail DDoS in the region. Major e-commerce platforms were hit with carpet-bombing attacks, targeting websites, mobile apps, and payment systems. Notably, 64% of these incidents occurred during sales and promotional events, indicating a strong element of competitive sabotage.
  • UAE retail, particularly Dubai-based e-commerce businesses, saw a 156% rise in attacks. Hackers not only targeted customer-facing platforms but also backend infrastructure and cloud services, making mitigation more complex. The Dubai Shopping Festival was hit especially hard, with multiple retailers suffering simultaneous attacks.

How Retail Attacks Differ from Other Sectors

Unlike financial services, where ransom demands are common, DDoS attacks in retail are primarily focused on short-term disruptions. Smaller retailers suffered the most, as they often lack the advanced DDoS protection available to larger companies.

The growing reliance on mobile commerce made mobile apps and payment gateways a key target. 42% of retail attacks targeted mobile platforms, reflecting the region’s mobile-first shopping habits. Attacks on mobile APIs and payment processing systems surged by 184%, aligning with the broader trend of carpet-bombing attacks in MENA.

With e-commerce playing an increasingly vital role in the region’s economy, stronger DDoS protection strategies are essential to ensuring business continuity and preventing revenue losses during peak shopping seasons.

DDoS Attacks in MENA: Country Breakdown

Here’s how DDoS attacks were distributed across MENA countries in 2024:

[Figure: DDoS attacks in MENA, 2024, by country]

Key Trends in DDoS Attacks by Country

  • Saudi Arabia remained the most targeted country, accounting for 26% of all attacks, with a focus on financial institutions and government services.
  • The UAE followed with 17% of attacks, a slight decrease from 18% last year, yet still heavily impacted, particularly in retail and telecom.
  • Iran experienced the biggest spike, rising from 6% to 12%, making it the third most attacked country. Many attacks targeted government services, logistics, and manufacturing.
  • Bahrain also saw an increase, moving from 8% to 10%, securing the fourth position in attack share.
  • Israel rounded out the top five, with 9% of attacks, up from 7% last year.

Among the remaining countries, some saw their share of attacks rise, while others held steady or declined:

  • Yemen’s attack share more than doubled, increasing from 2% to 5%.
  • Palestine remained stable at 4%, despite ongoing regional tensions.
  • Kuwait saw a significant drop, falling from 16% to 6%, moving from third to seventh place.
  • Qatar’s share also declined, dropping from 9% to 7%.

Overall, 74% of all DDoS traffic in MENA targeted just five countries, reflecting both economic importance and political volatility as key drivers behind attack distribution.

Conclusion 

The DDoS attack landscape in MENA saw a dramatic escalation in 2024, and if current trends continue, 2025 may bring even greater challenges. To defend against evolving threats, companies must adopt multi-layered security strategies with:

  • Real-time traffic analysis to detect attacks instantly.
  • AI-driven threat detection that predicts and responds to malicious activity.
  • Scalable cloud-based protection that reroutes malicious traffic without affecting business operations.

Fortunately, modern DDoS protection solutions are now easy to deploy. And, in a region where cyber threats are escalating, reactive security is no longer enough. Businesses must take a proactive, adaptive approach to ensure that even if an attack happens, operations remain unaffected—and no one outside the IT team ever has to know.