The Nigeria Computer Emergency Response Team has warned organisations across Nigeria’s critical sectors over escalating Distributed Denial-of-Service attacks targeting digital infrastructure nationwide.
In a fresh advisory, ngCERT said cyber threat actors are deploying sophisticated methods, including botnets, amplification techniques and exploitation of known vulnerabilities, to overwhelm systems and disrupt essential services.
The agency said both government and private sector platforms remain vulnerable as attackers continue refining their methods.
A Distributed Denial-of-Service attack is a cyberattack designed to flood servers, services or networks with massive internet traffic, making them inaccessible to legitimate users.
According to ngCERT, the attacks have become more complex and harder to contain due to the growing use of multi-vector techniques.
It explained that attackers now combine volumetric floods, protocol-based exploits and application-layer attacks that imitate legitimate user activity to evade detection.
The agency identified vulnerabilities including CVE-2018-10561, CVE-2021-44228, CVE-2019-19781, CVE-2018-7600 and CVE-2020-25705 as common tools used by attackers to compromise systems and expand botnet networks.
ngCERT said compromised servers, endpoints and Internet of Things devices are increasingly being weaponised to launch coordinated cyberattacks.
The advisory also highlighted the use of reflection and amplification techniques through services such as DNS, NTP and Memcached to increase the scale of malicious traffic directed at targeted systems.
The agency warned that successful attacks could trigger prolonged service outages, financial losses, operational disruptions and weakened resilience of critical infrastructure across the country.
It added that cyberattacks could damage corporate reputations, erode public trust in digital systems and serve as cover for more severe threats such as ransomware deployment and data theft.
ngCERT urged organisations to strengthen cybersecurity measures and align their response strategies with national incident response frameworks.
Recommended measures include activating internal response protocols, working with Internet Service Providers for traffic filtering and deploying dedicated DDoS protection systems such as rate limiting and traffic scrubbing technologies.
The agency also advised organisations to patch known vulnerabilities promptly, deploy Web Application Firewalls and Intrusion Prevention Systems, and strengthen system hardening measures.
Other recommendations include implementing anti-spoofing protections, maintaining continuous network monitoring and improving infrastructure resilience through redundancy, load balancing and auto-scaling capabilities.
The warning comes weeks after the Nigeria Data Protection Commission raised concerns over coordinated cyber threats targeting Nigeria’s financial systems and key digital infrastructure.
The Commission had urged organisations handling personal data to strengthen technical and operational safeguards against cyber threats and privacy breaches.
