The National Information Technology Development Agency (NITDA), through its Computer Emergency Readiness and Response Team, said it has detected activities of a hacktivist group targeting the country’s vital digital infrastructure.
This is contained in an advisory issued by the Agency on Wednesday. According to NITDA, the hacktivist group, known for its politically and religiously motivated cyber campaigns, poses a significant risk to Nigeria’s critical information infrastructure.
The Agency, therefore, urged all critical national infrastructure such as financial services providers, telecommunications providers, and relevant government service providers to ensure cyber security readiness and resilience by implementing necessary cyber security measures to safeguard against potential attacks.
It said the hackers’ tactics include targeted attacks on government digital services, using various attack types, particularly Distributed Denial of Service (DDoS) attacks, and they have a track record of successful attacks in various countries. Denial of service attacks are cyberattacks where the attacker prevents users from accessing a website, online service, or connected device, by flooding the servers with internet traffic.
Public alert
While advising all Nigerians to be on alert as the attackers may strike at any time, the Agency in the advisory said:
• “NITDA hereby alerts the general public to be wary of the occurrence of these attacks which underscores the undeniable and concerning fact that cyber-attacks are not a distant threat but rather a looming danger that resides much closer to us than we may have previously acknowledged. This realization compels us to recognize the urgency of reinforcing our cyber front, fortifying our digital defenses to shield against these malicious intrusions and secure the safety of our critical information and infrastructure.
• “The consequences of such cyber-attacks are always severe and may have wide-ranging impacts which include disruption of critical services, economic losses, as well as public trust and reputation loss.”
Security measures
To guide against attacks targeted towards Government Institutions and other critical sectors, NITDA advised all Ministries, Departments, and Agencies, including other providers of critical services in the country to ensure the implementation of measures to prevent against DD0S attacks.
According to the Agency, the measures should include deploying DDoS monitoring systems to watch out for signs of DDoS attacks; and minimizing the attack surface area thereby limiting the options for attackers and allowing them to build protections in a single place.
Other measures recommended by NITDA include:
• “Implementing or subscribing to DDoS protection features, applications or services to fortify your cyber defenses against disruptive DDoS attacks. e.g. rate limiting, load balancing. Traffic filtering, Content Delivery Network (CDN), Web application Firewalls, etc.
• “Ensuring that hosting providers offer abundant redundant Internet connectivity, enabling systems to manage significant volumes of traffic effectively.
• “Configuring network hardware such as firewall or router to drop incoming ICMP packets or block DNS responses from outside the network (by blocking UDP port 53).”
The attackers
While NITDA did not mention the name of the hacktivist group, its description fits that of ‘Anonymous Sudan, a pro-Russian hacktivist group that recently launched a DDoS on Kenya. The attack which took several websites offline including that of Kenyan media, hospitals, universities, and businesses, also affected the country’s major telecom company, Safaricom.
The group had previously been involved in a series of “unprecedented escalation in DDoS attack sophistication” with pro-Russian hackers that targeted Western websites including Microsoft, according to a report published by Cloudflare earlier this year.
Add Comment