The Communications Regulatory Authority of Namibia (CRAN) says the Namibia Computer Security Incident Response Team (NAM-CSIRT) detected a combined total of 540,786 weaknesses in a digital system, software, or network configuration that can be targeted by cyberattackers and events between January and March 2025.
According to CRAN’s cybersecurity report, this marks a 15.58% decrease from the previous quarter. Despite the drop, the vulnerabilities remain a significant concern, with Open CWMP, a protocol used for remote management of devices, accounting for the majority.
Other leading issues included accessible Telnet, SNMP, FTP, DNS, and SSL POODLE vulnerabilities, all largely stemming from misconfigured or outdated systems.
“The NAM-CSIRT detected a total of 540,786 cyber vulnerabilities across various domains within the Namibian cyber landscape during the fourth quarter (January-March 2025). This represents a 15.58% decrease from the vulnerabilities detected in the previous quarter (October-December 2024),” the report reads.
It is further reported that in contrast to the drop in vulnerabilities, cyber events surged by 314.8%, with 260,293 incidents recorded, up from just over 62,000 in the previous quarter.
The rise was driven primarily by non-HTTP sinkhole activities (197,929 events), indicating a growing shift by attackers toward non-web protocols. Other common incidents included HTTP scanner events, DDoS participation, and brute force attacks.
NAM-CSIRT also documented several sophisticated cyberattacks during the quarter, including AI-driven deepfakes, social engineering fraud, and targeted attacks on critical infrastructure. These incidents exploited weaknesses in public trust and organisational cyber hygiene, resulting in financial losses and operational disruptions.
The report urges both public and private institutions to act decisively, restricting public access to device management interfaces, disabling unnecessary services, and enhancing cyber hygiene practices.
Additionally, it calls for widespread cyber-awareness campaigns and the strengthening of national digital resilience to meet the demands of an increasingly threatening environment.
