What Took Down A Myriad of Public & Private Sector Websites & Digital Services In Kenya Yesterday? Here’s What Happened & How To Sort It Out In The Future.
Yesterday, a myriad of public and private sector websites and digital services in Kenya went offline due to a series of cyberattacks. Those affected included Safaricom’s ubiquitous M-Pesa mobile money service, the Kenyan Government’s eCitizen portal, Kenya Power’s USSD shortcode, Standard Chartered Bank, NCBA Bank, and many others.
In a nutshell, what happened was widespread DDoS, or Distributed Denial of Service cyberattacks, which are essentially a form of digital congestion. It’s as if you are trying to drive on Thika Road during rush hour but all of a sudden, thousands of additional cars, buses, and trucks flood the road. Chaos, right? That’s pretty much what a DDoS attack does to a website or digital service as was the case yesterday. It sends so much traffic that a website or online service can’t handle it and ends up stuck in its own digital traffic jam!
So, how did this happen? Well, hackers who launch a DDoS attack use a bunch of computers (like, thousands of them, globally) that they’ve infected with a virus. It’s like having a digital army of computers, also called a botnet, at their disposal, ready to unleash chaos. In Kenya’s case, they sent these botnets to visit the affected websites and digital services all at once, causing massive overloads that kept them offline. It’s basically a form of digital sabotage!
Preventing DDoS attacks is not easy and requires a multi-layered approach. On the network level, organizations can install rate limiting, which restricts the number of requests a server will accept in a certain timeframe from a single IP address.
Advanced threat intelligence systems can also help identify botnet traffic patterns and block them. Think of it like traffic police that divert cars when there’s an accident so these services direct the traffic through different servers, which act like filters to keep out the bad stuff and let through the good.
On a personal level, everyone should ensure that their digital devices are secure to prevent them from being a part of these DDoS botnets. This includes keeping software and hardware updated, using strong and unique passwords, and being cautious about clicking on suspicious links or downloading untrusted software and apps.
Digital security isn’t a one-time deal — it’s an ongoing commitment, almost like a game of digital chess to stay ahead. These recent DDoS cyberattacks in Kenya are a wake-up call for organizations and individuals so we have to keep learning, stay updated on new cyber threats, and most importantly adopt best practices for cybersecurity.
