Sunday May 03, 2026

Advisory ID:   ngCERT-2026-040009

SUMMARY

ngCERT alerts all critical sectors to the persistent and escalating threat of Distributed Denial-of-Service (DDoS) attacks within Nigeria's cyberspace. Threat actors are leveraging botnets, amplification techniques, and exploitation of known vulnerabilities to disrupt the availability of essential services within government and private systems. These attacks are increasingly multi-vector and may be combined with other malicious activities, posing significant risks to national resilience and economic stability. Organisations are strongly advised to review this advisory, align it with their DDoS preparedness posture, and ensure it aligns with national incident response frameworks.

DESCRIPTION

A DDoS attack is a coordinated cyber operation in which multiple compromised systems, often forming botnets of infected servers, endpoints, and Internet of Things (IoT) devices, are used to overwhelm a target system, network, or application with excessive traffic, thereby exhausting its resources and rendering services unavailable to legitimate users. These attacks may manifest as volumetric floods that saturate bandwidth, protocol-based attacks that exploit weaknesses in network layers, or application-layer attacks that mimic legitimate user requests to evade detection. Threat actors frequently exploit known vulnerabilities such as CVE-2018-10561, CVE-2021-44228, CVE-2019-19781, CVE-2018-7600, and CVE-2020-25705 to compromise systems and expand botnet infrastructure, while also employing reflection and amplification techniques (e.g., DNS, NTP, Memcached) to significantly magnify attack traffic.

Damage:       Critical

Probability:  High (CVSS Score 6.6 - 10.0)

Platform(s):  All web domains

CONSEQUENCES

If successfully exploited, this campaign may result in:

    1. Disruption of critical services and prolonged system downtime.
    2. Financial losses due to operational interruption and mitigation costs.
    3. Degradation of national critical infrastructure resilience.
    4. Reputational damage and erosion of public trust.
    5. Exploitation as a diversion for ransomware or data exfiltration attacks.
    6. Exposure to regulatory and compliance sanctions. 

SOLUTION/MITIGATION

ngCERT recommends the following:

    1. Activate incident response and escalate internally.
    2. Engage ISPs for traffic filtering and mitigation.
    3. Enable DDoS protection (scrubbing, rate limiting, filtering).
    4. Block malicious IPs and restrict non-essential traffic.
    5. Patch vulnerabilities, including CVE-2021-44228, CVE-2019-19781, and CVE-2018-7600.
    6. Harden systems and disable unused services.
    7. Deploy Web Application Firewalls, Intrusion Prevention Systems, and anti-DDoS solutions.
    8. Implement anti-spoofing per Internet Engineering Task Force (IETF) Best Current Practice 38 (BCP 38).
    9. Ensure redundancy, load balancing, and auto-scaling.
    10. Monitor traffic continuously and detect anomalies.
    11. Report any incidents to ngCERT and share IOCs.    
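
An added example, not part of the ngCERT advisory: one way to apply recommendation 10 to the DNS, NTP and Memcached reflection traffic named in the description, by flagging targets that receive a burst of reflector responses. The flow-record layout, the thresholds and the sample flows are constructed assumptions.

```python
from collections import defaultdict

# UDP source ports of the reflector services named in the advisory.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 11211: "Memcached"}
# Assumed thresholds; tune them against a baseline of your own traffic.
WINDOW_SECONDS = 10
MIN_DISTINCT_SOURCES = 3
MIN_BYTES_PER_WINDOW = 10_000


def detect_reflection(flows):
    """Flag targets hit by a burst of reflector responses.
    Each flow is (ts, src_ip, src_port, dst_ip, proto, nbytes). A target is
    flagged when, inside one fixed window, UDP traffic sourced from a single
    reflector port arrives from many distinct hosts and passes the byte limit.
    """
    buckets = defaultdict(lambda: {"sources": set(), "bytes": 0})
    for ts, src_ip, src_port, dst_ip, proto, nbytes in flows:
        if proto != "udp" or src_port not in REFLECTOR_PORTS:
            continue
        stats = buckets[(dst_ip, src_port, int(ts) // WINDOW_SECONDS)]
        stats["sources"].add(src_ip)
        stats["bytes"] += nbytes

    alerts = []
    for key in sorted(buckets):
        dst_ip, port, window = key
        stats = buckets[key]
        if (len(stats["sources"]) >= MIN_DISTINCT_SOURCES
                and stats["bytes"] >= MIN_BYTES_PER_WINDOW):
            alerts.append({"target": dst_ip, "vector": REFLECTOR_PORTS[port],
                           "window_start": window * WINDOW_SECONDS,
                           "sources": len(stats["sources"]),
                           "bytes": stats["bytes"]})
    return alerts


SAMPLE_FLOWS = [  # constructed sample flows, documentation address ranges
    (100, "198.51.100.10", 53, "192.0.2.5", "udp", 3000),     # lone resolver reply
    (101, "203.0.113.1", 11211, "192.0.2.80", "udp", 4000),   # Memcached burst
    (102, "203.0.113.2", 11211, "192.0.2.80", "udp", 4500),
    (103, "203.0.113.3", 11211, "192.0.2.80", "udp", 4200),
    (104, "203.0.113.7", 123, "192.0.2.80", "udp", 9000),     # only two NTP sources
    (105, "203.0.113.8", 123, "192.0.2.80", "udp", 9000),
    (106, "198.51.100.20", 443, "192.0.2.80", "tcp", 50000),  # not UDP, ignored
]

if __name__ == "__main__":
    print(detect_reflection(SAMPLE_FLOWS))
```

Fixed windows can split a burst across a boundary, so a production detector would use sliding windows and per-service baselines rather than these static limits.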
