Cybersafety: NCC offers countermeasures to prevent DDoS attacks

*The Nigerian Communications Commission provides practical countermeasures that can be implemented to prevent a Distributed Denial of Service attack in view of a recent advisory issued on the ‘Kenyan Critical Information Infrastructure DDoS Attack’

Gbenga Kayode | ConsumerConnect

As part of the Commission’s consumer protection initiatives, the Nigerian Communications Commission (NCC) has offered some countermeasures that can be implemented to prevent a Distributed Denial of Service (DDoS) attack.

ConsumerConnect reports the telecoms sector regulatory Commission stated this is recent public notice published on its corporate Web site in relation to an advisory on recent the “Kenyan Critical Information Infrastructure DDoS Attack”.

The NCC explained the Kenyan Government, via the North African country’s Ministry of Interior, had claimed that “some of the country’s online infrastructure had been struck by a wave of Distributed Denial of Service (DDoS) attacks, rendering the country’s online platforms unreachable.”

It is noted the attack began July 23, 2023, just barely four weeks after President Ruto released thousands of government services on the e-citizen platform in an effort to boost efficiency and reduce corruption.

This platform hosts services, such as passport applications and renewals, e-visa issuance, driver’s licences, identification cards, and national health records.

As regards the apparent  damage to the critical national infrastructure, the Commission stated the Kenya’s well-known mobile payment system, M-Pesa, as well as the National Transport and Safety Authority (NTSA), Kenya Power and Lighting Company (KPLC), and Kenya Railways, were all impacted in the DDoS attacks.

Meanwhile, public notice said the anonymous Sudan had claimed responsibility for the attacks in Kenya.

Threat Type(s): DDoS

Damage/Probability: CRITICAL/HIGH.

Why DDoS attacks?

A Distributed Denial of Service (DDoS) assault is intended to disrupt service.

This is accomplished by employing many computers to flood a targeted system’s bandwidth or resources (such as a web server) with traffic.

By overloading the targeted system, it will either crash or fail to function properly.

The online platform attack included several efforts at overloading the systems with unusual requests with the goal of clogging the system.

Anonymous Sudan, a group with apparent ties to Russia, claims responsibility for the strikes due to Kenya’s intervention in Sudan’s domestic affairs.

The group stated that it was aiming for other government digital services.

Far-reaching consequences of DDoS attacks on economy

In terms of the consequences, the Nigerian telecoms regulator stated in an increasingly digitalised society, when digital public services become abruptly and suddenly unavailable, the situation could result in indirect and direct economic and financial losses, as well as physical danger in some circumstances.

It also noted the following are some of the specific consequences of the recent attacks on the Kenyan economy:

The outage of M-Pesa services paralysed operations across many sectors, including the ability of the Kenyan Government to collect revenues.

Also, the disruption of the country’s e-visa issuance resulted in issuing visas on arrivals to all travellers—in what appears to be a temporary visa-on-arrival program due to the attack on e-Citizen platform.

The Kenya Power and Lighting Company (KPLC) left thousands of utility prepaid customers stranded and unable to purchase their tokens via their online platform and USSD code.

It is further noted that Standard Chartered Bank, in Kenya, was among banks whose digital banking systems were affected in the wave of the  DDoS attacks on the country’s critical infrastructure.

Kenya Railways train services were disrupted announcing that network outage by its service provider affected purchase of tickets, stated the advisory.

The National Transport and Safety Authority (NTSA) as well issued a statement indicating that its services had also been attacked, thereby preventing Kenyan residents to apply and pay for driving licences among others in the country.

The attacks also hut the media industry, as media Web sites were also attacked, including that of The Standard Group, Kenya’s oldest newspaper, as well as the Web site of the government-owned Kenya News Agency.

During the cyberattacks, 10 University Web sites were hit, including the University of Nairobi, as well as seven hospitals were also targeted.

How to prevent to prevent a DDoS attack

According to NCC, there are some countermeasures that digital consumers can implement to prevent a DDoS attack.

The Commission stated that consumers can take the following practical measures:

• Create a DDoS Response Plan
• Implement a robust network security with network segmentation, firewalls, IDSs, anti-malware solutions and web security tools.
• Have server redundancy.
• Monitor network traffic and be on the lookout for warning signs.
• Limit network broadcasting.
• If possible, outsource DDoS prevention by migrating to the cloud.
  

  Kindly Share This Story