ADF STAFF
Cyberattackers are using a new, low-cost weapon to disrupt internet access to media sites across Africa — one that is difficult to defend against and rapidly proliferating.
The method of attack, called a distributed denial-of-service (DDoS), is a time-tested way to shut down sites by overwhelming their systems with incoming internet traffic.
A DDoS often targets high-profile or important sites such as government services or media operations to sow distrust.
Attacks on media sites, in particular, can prevent them from distributing news the attackers want to hide. In some cases, governments might launch DDoS attacks to censor or intimidate.
Attacks can exact a high cost in terms of the time and money needed to stop them.
“[Outlets] that try to do some hard-hitting independent journalism, but may not have the resources to defend themselves, are at great risk of being blotted out by a DDoS,” Doug Madory, director of internet analysis at the global network monitoring company Kentik, told the Committee to Protect Journalists recently.
Cyberattacks are rising rapidly in Africa, according to experts. The rapid spread of internet access has outpaced the cybersecurity needed to protect users from malicious actors. The rise of residential proxy attacks, which is a form of DDoS attack, is further complicating Africa’s internet security.
In the past, cybersecurity experts could mitigate damage by identifying which locations were blasting their sites with traffic and blocking them. Cyberattackers have found a way around that defense by using bots to co-opt thousands of private internet addresses, known as residential proxies, and virtual private networks (VPNs) to do their dirty work for them.
“The main asset of the proxy and VPN providers is to have access to [a] very large pool of IP addresses that are paired to geographical locations in every corner of the world,” according to the blog for internet host Qurium.
In many cases, the owners of those internet addresses willingly rent their unused bandwidth without knowing that they’ve become fronts for attacks.
The technique makes it nearly impossible to distinguish genuine visitors from potential threats as cyberattackers portray themselves as ordinary internet users to avoid being identified by security software.
As an example of how things are changing: In August 2023, South Africa’s Daily Maverick experienced a DDoS attack on its website after it reported on Indian Prime Minister Narendra Modi’s visit to Johannesburg. The website’s cybersecurity team shut down the attack by blocking the Indian internet address sending the overwhelming traffic.
Under a residential proxy attack, the Daily Maverick’s security team would have had a hard time determining exactly where the attack was coming from as the attackers use hundreds or thousands of legitimate addresses to swarm the site.
News organizations, including the People’s Gazette in Nigeria and the Somali Journalist Syndicate, also have suffered DDoS onslaughts in recent months, thanks largely to malicious actors working with online brokers that sell them access to residential proxies.
Anonymous Sudan, a group of Sudanese hackers, has launched DDoS attacks in recent months against Kenyan media outlets, along with telecommunications companies in Nigeria and Uganda, for what the hackers claimed was the victims’ support for the paramilitary Rapid Support Forces fighting the Sudanese Armed Forces for control of the country.
Residential proxies are becoming a key component of any DDoS attack, cybersecurity experts say.
Early this year, Microsoft said a “Russian state-sponsored actor” that was targeting its systems used a network of residential proxies to obscure its activity by hiding among legitimate internet addresses.
DDoS attacks will remain a challenge for African media and other internet users as online services, artificial intelligence and 5G technology continue to expand in the coming years, according to Mazen Adnan Dohaji, general manager of cybersecurity company LogRhythm.
“DDoS attacks have serious consequences for the media as they prevent the public from accessing information,” Nigerian attorney and media freedom advocate Nompilo Simanje wrote recently for Premium Times. “Going forward, training, engagements, and policy development focused on DDoS attacks on media outlets are worth placing on stakeholders’ agendas.”