Explainer: All you need to know about the cyber attack in Kenya

A digital illustration. Cybercriminals lock files on your pc and offer a key to unlock them. [iStockphoto]

Kenya is suffering a Distributed Denial-of-Service (DDoS) attack on several sites including the e-Citizen platform.

A DDoS attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

How a Ddos attack works and how you can counter it

First, the attackers will have to gain access to a computer in a network by distributing malware or a virus. The distribution can be through the use of social media websites, emails, or even phishing.

The attacked machine also called a bot or zombie infects the network. All machines connected to the network will be affected and are collectively called a botnet. These computers are infected with a special kind of software that lets the attackers control them from a distance.

Once the computers in a network are infected or a botnet has been established, the attackers use that to send high-traffic requests simultaneously. This results in flooding of traffic, overwhelming the target infrastructure and making it hard for it to handle legitimate requests.

For example, as a genuine user, you will not be able to request let's say airtime balance on your phone since that path is already overwhelmed by the large flow of traffic from the botmaster.

The attacker- now called the botmaster- has the ability to command and control the flow of traffic (all requests coming in) using the botnet. Remember, they now have access to as many computers as possible and can control them remotely by sending instructions to the bots (your computer).

 Note, your computer may be compromised and you may never know about it.

A botmaster is wise, once they have access to a network they don’t act immediately. The main goal will be to recruit as many devices as possible to expand their botnet.

Once the botnet is ready, the attackers command the compromised devices to start sending a massive amount of traffic to the target system or network. This traffic flood can be in the form of HTTP requests, User Datagram Protocol (UDP) Transmission Control Protocol (TCP) packets, or other network traffic types.

The target network will now receive an overwhelming amount of traffic from the botnet, which in turn affects the infrastructure and consumes the resources such as memory, processing power, and bandwidth making it difficult for it to respond to user requests. As a result, the system becomes slow, unresponsive, or could crush, and that might have been the case experienced by the e-Citizen portal and other government services.

How to prevent a DDoS attack

Preventing DDoS attacks can be challenging, but here are some simple steps you can take to reduce the risk:

Consider using specialized DDoS protection services offered by various providers. These services can detect and filter out malicious traffic before it reaches your website.

Ensure your online services are hosted on a scalable infrastructure that can handle sudden spikes in traffic. This makes it harder for attackers to overwhelm your system.

Configure firewalls and routers to block suspicious traffic and limit the number of connections from a single source.

Implement rate limiting to restrict the number of requests from a single IP address or user within a certain time frame. This can help prevent overwhelming your system with excessive requests.

Use anomaly detection tools to identify unusual patterns in traffic behavior. This can help you spot potential DDoS attacks early.

Utilize Central Depository System (CDS) services to distribute traffic across multiple servers. These services can help distribute the load and mitigate the impact of a DDoS attack.

Ensure you regularly update your software, including operating systems, web servers, and applications. Patching known vulnerabilities can prevent attackers from exploiting them.

Set up traffic filtering rules to block known malicious IP addresses or known patterns associated with DDoS attacks.

Develop a comprehensive incident response plan that outlines how your team will respond to a DDoS attack. This ensures a quick and coordinated response if an attack occurs.

Train your employees about DDoS attacks and cybersecurity best practices. Employees should be aware of social engineering tactics that attackers might use to gain access to your network.

Remember, while these measures can help reduce the risk of a DDoS attack, no solution is entirely foolproof. Therefore, it's essential to continuously monitor your systems and adapt your defenses as new threats emerge.