Cyber attacks on Senegalese institutions: Analysis, advice and recommendations for rapid remediation

This week, the hacktivist group Anonymous reportedly targeted several Senegalese government websites. Using Distributed Denial of Service (DDoS) attacks, these hackers made several sites belonging to various ministries unavailable, including the Ministry of Agriculture, the Presidency of the Republic, the General Secretariat of the Government, the Ministry of Infrastructure and Land Transport, the Ministry of the Environment, the Ministry of the Civil Service, the Ministry of the Armed Forces, and the Ministry of Community Development, National Solidarity and Territorial Equity.

In an increasingly interconnected world, digital security plays an essential role. Senegal, like many other countries, is faced with threats to its IT systems. The recent attacks on Senegalese government websites demonstrate the crucial importance of strengthening security measures to protect our institutions, all the more so in a tense geopolitical and political context. This attack highlights the need to take appropriate measures to prevent such intrusions and protect sensitive data and critical infrastructure.

The aim of this article is to provide some non-exhaustive advice and recommendations on how to strengthen cyber security for our institutions and prevent future attacks.

 

I – Measures to be taken on the spot for rapid remediation:

It is important for the Senegalese government to take rapid and effective measures to mitigate the effects of the attack and restore the availability of its important services.

Detection

Detect the attack and monitor for signs such as network congestion, service unavailability or abnormal traffic patterns.

Alert

Immediately alert security teams and security service providers so that they can take action to counter the attack.

Response plan

Develop an incident response plan or action plan, identifying the roles and responsibilities of each member of the team responsible for managing the attack.

Mitigation measures

Implement mitigation measures to limit the effects of the DDoS attack. This may include the use of firewalls, traffic filtering systems or DDoS protection services offered by specialist providers.

Log analysis

Analyse logs and record system activity to extract information about the attack, such as source IP addresses, traffic types and attack vectors. This information will be useful for investigating the incident and taking the necessary steps to deal with it.

Transparent communication

Communicate transparently and regularly with relevant parties, providing updates to maintain transparency and reassure stakeholders.

In-depth analysis

Once the attack has been brought under control, carry out an in-depth analysis of the incident to identify the vulnerabilities exploited and make improvements to the security infrastructure. This may involve software updates, security enhancements or changes to the network architecture.

Feedback

Use this experience to strengthen preparedness for future DDoS attacks. Put in place monitoring mechanisms and response plans to be better prepared for such situations in the future.
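
As an added illustration of the detection and log analysis steps above (not part of the original article), the following Python example extracts source IP addresses, request types and the server-error ratio from web access logs and flags sources that exceed a per-minute request limit. It assumes the Apache/nginx combined log format; the function names, the limit of 100 requests per minute and the sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common/combined access-log format (Apache and nginx defaults); assumed here.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+')

def parse(line):
    """Return (ip, minute, method, path, status), or None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts.replace(second=0), m["method"], m["path"], int(m["status"])

def analyse(lines, per_minute_limit=100):
    """Summarise sources, request types and error ratio; flag noisy sources."""
    per_ip_minute, requests, statuses = Counter(), Counter(), Counter()
    skipped = 0
    for line in lines:
        rec = parse(line)
        if rec is None:
            skipped += 1  # count malformed lines instead of dropping them silently
            continue
        ip, minute, method, path, status = rec
        per_ip_minute[(ip, minute)] += 1
        requests[(method, path.split("?")[0])] += 1  # group by path, ignore query
        statuses[status // 100] += 1
    peak = defaultdict(int)  # busiest single minute seen for each source
    for (ip, _), n in per_ip_minute.items():
        peak[ip] = max(peak[ip], n)
    total = sum(statuses.values())
    return {
        "flagged": sorted(ip for ip, n in peak.items() if n > per_minute_limit),
        "peak_per_minute": dict(peak),
        "top_requests": requests.most_common(3),
        "5xx_ratio": statuses[5] / total if total else 0.0,
        "skipped": skipped,
    }

# Constructed sample: a documentation-range address flooding "/", one ordinary
# visitor, and one malformed line.
SAMPLE = ['203.0.113.7 - - [01/Jan/2024:10:15:%02d +0000] "GET / HTTP/1.1" 503 0' % (s % 60)
          for s in range(150)]
SAMPLE += ['198.51.100.20 - - [01/Jan/2024:10:15:05 +0000] "GET /news HTTP/1.1" 200 5120',
           'not a log line']

print(analyse(SAMPLE)["flagged"])
```

The flagged sources and the top request types can be handed to the team applying the mitigation measures, and the 5xx ratio gives a simple indicator of service unavailability to track during the incident.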

 

II – Measures to be considered over the long term

1. Awareness-raising and training

Awareness-raising and training for civil servants and users of government IT systems are essential elements in strengthening cybersecurity. Institutions should set up regular awareness-raising programmes to inform their staff about potential risks and best security practices. This includes raising awareness of phishing techniques, the safe use of passwords, secure Internet browsing, the protection of sensitive data, identifying the signs of a possible cyber attack, etc.

2. Strengthening the IT infrastructure

Institutions must invest in a robust and secure IT infrastructure to prevent cyber attacks. This includes firewalls, intrusion detection systems, protection against malicious software and encryption of sensitive data. Regular updates of software and operating systems must also be carried out to correct known vulnerabilities and reinforce the overall security of infrastructures.

3. Identity and access management (IAM)

Identity and access management is a key element of cyber security. Institutions must implement robust authentication systems to control and limit access privileges to sensitive systems. A least privilege approach is recommended, where users only have access to the resources they need to perform their tasks. In addition, passwords should be complex, regularly changed and securely stored.

4. Regular back-ups and an incident response plan

Regular back-ups of critical data are essential to minimise losses in the event of a cyber attack. Institutions’ security teams should implement frequent backup procedures and store backed-up data in secure locations. In addition, it is crucial to draw up an incident response plan that specifies the actions to be taken in the event of a security breach. This plan should include the appointment of an incident response team, the steps to be taken to contain the attack, communication with stakeholders and system recovery.

5. Security audit and penetration testing

Security teams should carry out regular security audits to assess the robustness of their systems and identify any vulnerabilities. This can be done by calling in IT security experts or by forming an internal team dedicated to this task.

Penetration tests, also known as “pentests”, are simulations of attacks carried out to assess the resistance of systems to real cyber-attacks. These tests make it possible to identify weak points and take the necessary measures to correct them.

 

6. Collaboration and information sharing

Collaboration between government institutions, the private sector and security organisations is essential to strengthening cyber security in Senegal. It is important to share information on threats and attacks in order to better guard against the new techniques used by cybercriminals.

The establishment of strategic partnerships, exchanges of expertise and best practices will strengthen the country’s overall security posture. For example, effective collaboration can be established between bodies responsible for information protection, cybersecurity and data protection, such as the CDP, Senegal Numérique, private companies, and so on. These players can come together to discuss and strengthen Senegal’s digital strategy and cybersecurity. This collaboration will make it possible to share knowledge and good practice and to develop efforts to meet the growing challenges in terms of digital security.

7. Continuous monitoring and proactive response

Cybersecurity is not limited to defensive measures, but also requires continuous monitoring of systems. Institutions need to put in place intrusion detection and suspicious activity monitoring tools to quickly identify cyber attacks in progress. Once detected, a proactive and coordinated response must be implemented to contain the attack, minimise the damage and prevent similar incidents in the future.

 

8. Protection of personal data

The protection of personal data is a crucial aspect of cyber security. Institutions must comply with data protection laws and regulations, such as the Personal Data Protection Act. This means putting in place appropriate security measures to guarantee the confidentiality, integrity and availability of the personal data collected and processed. In addition, it is important to make users aware of the importance of protecting their personal information and to provide them with the means to control the use of their data.

It would be appropriate to provide the necessary resources to the Personal Data Protection Commission (CDP) in order to strengthen its role in advising and supervising institutions in terms of personal data protection. This translates into a willingness to grant additional resources to the CDP to strengthen its technical and human capacities. This will enable it to acquire in-depth expertise in personal data protection and better advise institutions on best practices.

 

9. Monitoring social media and social engineering

Social media have become prime targets for cyber attacks. Institutions must actively monitor activities on social media to detect attempts at phishing or spreading false information.

In addition, it is crucial to make civil servants/employees aware of the risks associated with social engineering, which aims to manipulate individuals to obtain sensitive information. Adequate training and ongoing awareness-raising can help prevent these underhand attacks.

10. Investment in research and development

Cyber security is a constantly evolving field, with new threats and attack techniques emerging regularly. Institutions need to invest in research and development to keep up to date with the latest trends and best practice in cyber security. This can involve collaborating with universities, research centres and other players in the IT security sector to foster innovation and develop cutting-edge solutions to cyber security challenges.

 

Moussa SALL

Senior Consultant Cybersecurity GRC & Data Protection
