Listen to the article
South Africa is facing a wave of escalating cyber threats that mirror global trends but expose uniquely local vulnerabilities. From record-breaking distributed denial of service (DDoS) campaigns to surging ransomware and banking trojan infections, the country’s digital infrastructure and economy are increasingly at risk. Yet law enforcement and regulatory capacity remain dangerously out of step with the scale of the challenge.
A global storm hitting local shores
According to security researchers at Netscout Systems, over eight million DDoS attacks were recorded globally in the first half of 2025. The Europe, Middle East and Africa (EMEA) region bore the brunt of more than 3.2 million strikes, many targeting critical infrastructure in communications, energy, transport, and defence. Hacktivist groups such as NoName057(16) continue to weaponise cyberattacks as geopolitical tools, launching hundreds of coordinated disruptions every month.
South Africa has not escaped this surge. Experts warn that the same vulnerabilities exploited elsewhere—weak perimeter defences, unsecured IoT devices, and poor patching—are being leveraged by both global threat groups and domestic cybercriminals. The accessibility of DDoS-for-hire services means even unskilled attackers can now launch large-scale digital assaults.
Malware and infostealers on the rise
Beyond DDoS, malware infections are climbing steeply. Research by Kaspersky shows that in the first half of 2025 South Africa endured more than six million online attack attempts and 10.3 million malware-related incidents. Nearly one in five users was targeted, from individuals falling victim to phishing and fake Wi-Fi networks to enterprises battling ransomware and industrial malware.
The data is stark:
- Backdoor attacks increased by 123 per cent compared with 2024.
- Banking trojans surged by 136 per cent.
- Password stealers rose by 122 per cent.
- Spyware infections grew by 3.6 times.
Infostealers such as SparkCat and its variant SparkKitty represent a growing risk. Both have been identified spreading through legitimate app stores, underscoring the difficulty of trusting even official platforms. These malicious tools can exfiltrate sensitive files, device data, and personal images, opening new fronts in the fight against cybercrime.
Financial losses and under-reporting
The financial toll is already severe. The South African Banking Risk Information Centre reported that in 2024 cybercriminals launched more than 100,000 attacks on bank accounts, draining around ZAR 1.8 billion from victims. Yet the South African Police Service recorded just 544 cyber-related fraud cases in the same period.
This yawning gap between actual incidents and formal investigations points to systemic weaknesses. Under-resourced police units, limited technical training, and a struggling Information Regulator mean most attacks go unreported or unresolved. Criminals know they face little risk of prosecution, emboldening further attacks.
Calls for reform
Political pressure is mounting. The Democratic Alliance (DA) has tabled a Private Members Bill to establish an Office of the Cyber Commissioner, a new Chapter 9 institution that would oversee cybercrime prevention and response. While the proposal has strong backing from the private sector and academia, government support remains lukewarm.
Advocate Glynnis Breytenbach, DA Spokesperson on Justice and Constitutional Development, has warned that without urgent reforms South Africa risks becoming a haven for cybercriminals: “Cybercrime is growing at a pace our institutions cannot match. Unless we build capacity now, we will fall further behind.”
Microsoft’s role in building resilience
Alongside calls for reform, global technology companies are stepping in to help bolster South Africa’s cyber defences. In 2024 Microsoft announced a ZAR 5.4 billion investment into expanding its cloud infrastructure and digital skills programmes in the country. The initiative is aimed at improving both capacity and resilience, with a strong emphasis on cybersecurity readiness.
Microsoft is rolling out advanced cloud-based security services to South African organisations, providing tools such as real-time threat intelligence, AI-driven monitoring, and incident response frameworks that are already being used by governments and enterprises worldwide. The company is also investing in local skills development through training programmes designed to address the shortage of cybersecurity professionals in the region.
This dual approach, combining technology deployment with human capital development, is seen as a vital step in closing South Africa’s cybersecurity gap. By enabling businesses, government agencies, and individuals to adopt world-class defences, Microsoft’s investment is positioning the country to better withstand the next wave of cyberattacks.
What needs to change
Experts stress that traditional defences are no longer sufficient. The rise of AI-driven malware, malicious large language models such as WormGPT, and automated phishing campaigns mean attackers can adapt faster than defenders. South African organisations, from banks to state-owned enterprises, must move toward intelligence-led, layered security.
Key recommendations include:
- Stronger authentication and patch management.
- Deploying Endpoint Detection and Response tools for early detection.
- Limiting unnecessary remote access.
- Maintaining robust backups.
- Training employees to recognise phishing and deepfake attacks.
But these measures will not be enough without systemic change in enforcement and governance. South Africa’s cyber resilience will depend as much on political will and investment in law enforcement as on the latest security technologies.
A national security threat
With cyberattacks targeting financial institutions, utilities, and critical infrastructure, this is no longer just an IT problem. It is a national security issue. The longer South Africa delays strengthening its defences, the greater the risk that hostile actors, whether criminal or geopolitical, will exploit the country’s weaknesses to inflict economic and strategic harm.
