
(3 Minutes Read)
The Communications Regulatory Authority of Namibia (CRAN) has sounded the alarm over the state of cybersecurity in the country, following the release of its latest cybersecurity report. The report, compiled by the Namibia Computer Security Incident Response Team (NAM-CSIRT), reveals that 540,786 digital vulnerabilities were identified between January and March 2025 across systems, software, and network configurations throughout Namibia.
While this figure marks a 15.58% decline compared to the previous quarter (October–December 2024), CRAN warns that the sheer number of weaknesses remains a serious concern. The vulnerabilities leave digital environments exposed to potential exploitation by cybercriminals and other threat actors.
The report highlights that a substantial portion of the detected weaknesses stem from Open CWMP—a protocol commonly used for remote device management. Due to poor configuration and maintenance, this protocol has become a significant entry point for attackers.
Other frequently exploited vulnerabilities included:
- Accessible Telnet
- SNMP (Simple Network Management Protocol)
- FTP (File Transfer Protocol)
- DNS misconfigurations
- SSL POODLE (a known vulnerability in outdated SSL encryption)
Most of these vulnerabilities were attributed to misconfigured or outdated systems, underscoring the urgent need for improved system maintenance and cyber hygiene.
Although system vulnerabilities saw a modest decline, cyber events surged dramatically, increasing by 314.8% during the same period. The report notes that 260,293 cyber incidents were recorded in Q1 2025—up from just over 62,000 in the previous quarter.
The majority of these were linked to non-HTTP sinkhole activities (197,929 events), suggesting that cyber attackers are increasingly targeting non-web protocols. Additional threats included:
- HTTP scanner activity
- DDoS (Distributed Denial of Service) participation
- Brute-force login attacks
NAM-CSIRT also documented a number of highly advanced cyberattacks during the quarter. These included:
- AI-generated deepfake campaigns
- Social engineering fraud
- Targeted attacks on critical infrastructure
Such incidents often exploit human vulnerabilities and inadequate organisational cybersecurity practices, resulting in financial losses and operational disruptions.
Read Also;
CRAN’s report concludes with a strong call for immediate and coordinated action across both public and private sectors. Recommended measures include:
- Restricting public access to device management portals
- Disabling unnecessary digital services
- Enhancing cyber hygiene through regular updates and audits
- Launching cyber-awareness campaigns to educate users at all levels
- Strengthening national digital resilience to withstand and respond to future threats
As Namibia continues to digitise its economy and services, CRAN emphasises that securing the digital landscape must become a top national priority in the face of escalating cyber risks.