The National Information Technology Development Agency (NITDA) has issued an advisory through its Computer Emergency Readiness and Response Team (CERT) regarding the activities of a hacktivist group.
This group, known for pursuing politically and religiously motivated cyber campaigns, has set its sights on Nigeria’s essential digital infrastructure, raising significant concerns. Their primary strategy involves targeting government digital services, with a particular emphasis on distributed denial-of-service (DDoS) attacks. Their history includes successful attacks in several countries, cementing their status as a credible threat.
NITDA has taken this opportunity to sound the alarm to the general public, emphasising that cyber-attacks are not some remote menace but a looming danger much closer than previously assumed. This realization urges us to acknowledge the pressing need to bolster our cybersecurity defences, erect robust barriers against these malevolent infiltrations and ensure the safety of our vital information and infrastructure.
The repercussions of such cyber-attacks are consistently severe, encompassing wide-reaching effects like service disruptions, financial losses and erosion of public trust and reputation.
In order to guard against attacks aimed at government institutions and other pivotal sectors, NITDA’s Computer Emergency Readiness and Response Team (NITDA-CERRT) offers guidance to all Ministries, Departments, and Agencies, as well as other critical service providers. They propose the following measures to counteract DDoS attacks:
Firstly, deploying DDoS monitoring systems to detect early signs of potential DDoS attacks is advised. Secondly, minimizing the attack surface area to restrict attackers’ options, allowing centralised defence strategies. This can be achieved through tactics like obscuring the target and shutting down unused ports and protocols, thus limiting potential points of vulnerability. Thirdly, advocating for the implementation or adoption of DDoS protection tools, applications, or services to fortify cybersecurity defences against disruptive DDoS attacks. This might encompass techniques such as rate limiting, load balancing, traffic filtering, content delivery networks (CDNs) and web application firewalls. Lastly, ensuring hosting providers can manage substantial traffic volumes by offering redundant Internet connectivity is crucial.
Configuring network hardware like firewalls or routers to reject incoming ICMP packets or blocking external DNS responses (via UDP port 53) can further enhance defences.
Moreover, it is imperative for all critical national infrastructure entities – such as financial services providers, telecommunications providers, and pertinent government service providers – to prioritize cybersecurity readiness and resilience. This involves implementing requisite cybersecurity measures to shield against potential attacks.
The head of corporate affairs and external relations at the agency, Mrs. Hadiza Umar urged Nigerians to reach out to CERRT.NG via email (firstname.lastname@example.org) for further inquiries.
The advisory serves as a timely reminder that the digital landscape’s threats are immediate and pervasive, demanding our collective vigilance and preparedness to protect our nation’s digital foundation.