Sunday April 28, 2024

Advisory ID : ngCERT-2023-0031

Summary: 

The Kenyan government, via the Ministry of Interior, claimed that some of the country's online infrastructure had been struck by a wave of Distributed Denial of Service (DDoS) attacks, rendering the country's online platforms unreachable. The attack began on 23 July 2023, barely four weeks after President Ruto released thousands of government services on the e-Citizen platform in an effort to boost efficiency and reduce corruption. This platform hosts services such as passport applications and renewals, e-visa issuance, driver's licences, identification cards, and national health records. Kenya's well-known mobile payment system, M-Pesa, as well as the National Transport and Safety Authority (NTSA), Kenya Power and Lighting Company (KPLC), and Kenya Railways, have all been impacted. Anonymous Sudan has claimed responsibility for the attacks.

Threat Type(s): DDoS

Damage/Probability: CRITICAL/HIGH

Consequences: 

In an increasingly digitalised society, the sudden unavailability of digital public services can result in direct and indirect economic and financial losses, as well as physical danger in some circumstances. The following are some of the consequences of the recent attacks:

  1. The outage of M-Pesa services paralyzed operations across many sectors, including the ability of the government to collect revenues.
  2. Disruption of the country's e-visa issuance resulted in visas being issued on arrival to all travellers, in what appears to be a temporary visa-on-arrival program due to the attack on the e-Citizen platform.
  3. The Kenya Power and Lighting Company (KPLC) left thousands of prepaid utility customers stranded and unable to purchase their tokens via its online platform and USSD code.
  4. Standard Chartered Bank Kenya was among the banks whose digital banking systems were affected.
  5. Kenya Railways train services were disrupted; the company announced that a network outage at its service provider affected the purchase of tickets.
  6. The National Transport and Safety Authority (NTSA) also issued a statement indicating that its services had been attacked, preventing Kenyan residents from applying and paying for driving licenses, among other services.
  7. Media websites were also attacked, including that of The Standard Group, Kenya's oldest newspaper, as well as the website of the government-owned Kenya News Agency.
  8. Ten (10) university websites were hit, including the University of Nairobi.
  9. Seven (7) hospitals were also targeted.

Description: 

A Distributed Denial of Service (DDoS) attack is intended to disrupt service. This is accomplished by employing many computers to flood a targeted system's bandwidth or resources (such as a web server) with traffic. Overloading the targeted system causes it to either crash or fail to function properly. The attack on the online platforms included several attempts to overload the systems with unusual requests, with the goal of clogging them. Anonymous Sudan, a group with apparent ties to Russia, claims responsibility for the attacks, citing Kenya's intervention in Sudan's domestic affairs. The group stated that it was aiming for other government digital services.

Solution: 

Here are some countermeasures that can be implemented to prevent a DDoS attack:

  1. Create a DDoS Response Plan.
  2. Implement robust network security with network segmentation, firewalls, IDSs, anti-malware solutions and web security tools.
  3. Have server redundancy.
  4. Monitor network traffic and be on the lookout for warning signs.
  5. Limit network broadcasting.
  6. If possible, outsource DDoS prevention by migrating to the cloud.
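
To illustrate countermeasure 4, the following is an added example (not part of the original advisory) of watching web access logs for two warning signs: a single source exceeding a request limit, and the total request rate surging even though every individual source stays quiet, which is the pattern a distributed flood produces. The function names, thresholds, log format and sample log lines are assumptions constructed for the example.

```python
import re
from collections import Counter, deque
from datetime import datetime

# Common/Combined Log Format is assumed: client address first, then [timestamp].
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def parse(line):
    """Return (epoch_seconds, client) for one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return ts.timestamp(), m.group(1)

def detect_flood(lines, window=10, per_client_limit=20, total_limit=100):
    """Slide a `window`-second window over time-ordered log lines.
    Alerts are (kind, subject, epoch): 'client' when one source exceeds
    per_client_limit, 'aggregate' when all sources together exceed
    total_limit, which catches floods spread thinly over many sources."""
    recent, counts = deque(), Counter()   # entries / per-client counts in window
    alerts, flagged, surge = [], set(), False
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue                      # skip lines that are not log entries
        now, client = rec
        recent.append(rec)
        counts[client] += 1
        while recent[0][0] <= now - window:   # expire entries outside the window
            _, old = recent.popleft()
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
        if counts[client] > per_client_limit and client not in flagged:
            flagged.add(client)
            alerts.append(("client", client, now))
        over = len(recent) > total_limit
        if over and not surge:            # alert once per surge, not per request
            alerts.append(("aggregate", f"{len(counts)} sources", now))
        surge = over
    return alerts

def constructed_log():
    """Constructed sample data: one noisy source, then 150 quiet sources."""
    line = '{} - - [23/Jul/2023:10:{:02d}:{:02d} +0000] "GET / HTTP/1.1" 200 512'
    burst = [line.format("203.0.113.9", 0, s // 10) for s in range(30)]
    spread = [line.format(f"192.0.2.{i + 1}", 5, i // 30) for i in range(150)]
    return burst + spread
```

On the constructed log, the per-client check fires only for the noisy source, while the 150 sources sending one request each are caught solely by the aggregate check. Thresholds should be set from a baseline of normal traffic for the service being monitored.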

References:

https://www.bbc.com/news/world-africa-66337573

https://techmonitor.ai/technology/cybersecurity/anonymous-sudan-kenya-ddos-cyberattack-ecitizen

https://cybermagazine.com/application-security/cyberattack-in-kenya-impacts-online-government-platforms

https://phoenixnap.com/blog/prevent-ddos-attacks