The Nigeria Computer Emergency Response Team (ngCERT) has issued a fresh alert to organizations across Nigeria’s critical sectors, warning of a sustained and intensifying wave of Distributed Denial-of-Service (DDoS) attacks disrupting digital infrastructure.

In the advisory, ngCERT stated that threat actors are increasingly deploying sophisticated techniques, including botnets, amplification methods, and the exploitation of known vulnerabilities, to overwhelm systems and render essential services inaccessible.

The agency noted that both government and private sector platforms are at risk as attackers refine their methods.

A DDoS attack is a malicious attempt to disrupt a server, service, or network by overwhelming it with a flood of Internet traffic, making it unavailable to legitimate users.

According to the agency, the evolving nature of DDoS attacks has made them more complex and harder to mitigate.

• These attacks are now often multi-vector, combining different techniques such as volumetric floods that saturate bandwidth, protocol-based exploits targeting network layers, and application-layer attacks designed to mimic legitimate user activity.
• ngCERT explained that attackers frequently exploit vulnerabilities such as CVE-2018-10561, CVE-2021-44228, CVE-2019-19781, CVE-2018-7600, and CVE-2020-25705 to compromise systems and expand botnet networks.
• These compromised systems, which may include servers, endpoints, and Internet of Things devices, are then used to launch coordinated attacks.

The advisory also highlighted the use of reflection and amplification techniques leveraging services like DNS, NTP, and Memcached, significantly increasing the volume and impact of malicious traffic directed at target systems.

The agency warned that successful attacks could have far-reaching consequences for Nigeria’s economy and national security. These include prolonged service outages, financial losses arising from operational disruptions and mitigation efforts, and weakened resilience of critical infrastructure.

Beyond immediate operational impacts, ngCERT noted that such attacks could damage corporate reputations and erode public trust in digital systems. In some cases, DDoS incidents may also serve as a diversionary tactic, masking more severe cyber threats such as ransomware deployment or data exfiltration.

Separately, the Methodist Church Nigeria, Diocese of Remo in Ogun State, has condemned cybercrime, urging that those involved, referred to as 'Yahoo boys and girls,' should be properly educated and engaged in profitable ventures.