logo
ADVERTISEMENT

Explainer: DDoS attack that crippled services in Kenya for hours

Kenya came under cyberattack that affected its critical infrastructure

image
by JAMES MBAKA

News28 July 2023 - 09:02
ADVERTISEMENT

In Summary


  • Companies that were disrupted included the Kenya Power and Lighting Company, Kenya Railways and Transport and Safety Authority.
  • Other services affected were bank to Mpesa transfer, M-shwari and KCB Mpesa, Mpesa App and My Safaricom.

The government on Thursday suffered a cyber attack on its digital service provider and other platforms.

Several service-oriented installations were unavailable following a cyber attack that disrupted operations for hours. 

Companies and platforms whose services were disrupted included e-Citizen, Kenya Power and Kenya Railways.

Other services affected were bank-to-Mpesa transfer, M-shwari and KCB Mpesa, Mpesa App and My Safaricom app.

This followed a warning by the National Computer and Cybercrimes Coordination Committee of an impending cyber attack on critical infrastructure that would disrupt essential services. 

In its communication on Monday, the NC4 asked the Kenya Education Network Trust (KENET) to advise research and education institutions to take mitigation measures.

"It is recommended that KENET informs all research and education institutions in Kenya to implement the necessary cybersecurity measures and to share with director NC4 on any malicious traffic and incidents," NC4 director Evans Ombati said in a letter addressed to KENET director Prof Meoli Karshorda.  

"This traffic constitutes Distributed Denial of Service (DDoS) attack." 

However, ICT Cabinet Secretary Eliud Owalo confirmed the attack but said no data had been compromised.

What is Distributed Denial-of-Service (DDoS) 

According to a cyber security website - Imperva, DDoS is a cybercrime in which the attacker floods a server with internet traffic to prevent users from accessing connected online services and sites.

The attack aims to overwhelm the devices, services and network of its intended target with fake internet traffic known as botnets that will in turn render them inaccessible to or useless for legitimate users.

A botnet is a collection of hijacked connected devices used for cyber attacks that are controlled remotely from a Command and Control Center.

Botnets enable attackers to carry out DDoS attacks by harnessing the power of many machines and obscuring the source of the traffic.

According to them, DDoS attacks are classified according to the network connection layers they target.

They include volume-based attacks, protocol attacks and application-layer attacks.

DDoS can also be used as a smokescreen for other malicious activities and to take down security appliances and breach the target’s security perimeter.

Imperva reported that the attacks can be launched by individuals, businesses and even nation-states with different motivations.

Their motivations may include cyber vandalism, extortion, business competition, cyber warfare and personal rivalry.

DDos can leave behind massive destruction that may take weeks, months or even years to restore.

However, they can be stopped by constant monitoring of traffic to look for abnormalities and unexplained traffic spikes from suspected IP addresses.

People are also encouraged to keep an eye on social media for threats, conversations and boasts that may hint at an incoming attack.

ADVERTISEMENT

logo© The Star 2024. All rights reserved