Morocco has been faced since the beginning of April to a series of computer attacks targeting leading public infrastructure. The alert was officially given by the National Social Security Fund (CNSS), which confirmed that it had been the victim of a malicious act which led to the flight of certain personal data of its insured. Then broadcast on social networks, this information is, according to the establishment, often inaccurate, out of context or manipulated. But it seems, the case does not stop there and hides other more worrying dimensions …
The CNSS apologized for its affiliates and said that measures have been taken in coordination with the competent authorities to assess the extent of the attack and strengthen security systems.
In the immediate future, certain features of its online portals have been temporarily suspended, and an awareness campaign for insured has been launched. Among the instructions broadcast, the organization calls for caution and recommends regularly changing their passwords by favoring complex combinations, never communicating its personal identifiers by telephone, email or SMS, and to be wary of suspicious messages usurping the identity of the CNSS. The insured are also invited to rely only to the information published on the official website.
How should Morocco protect itself?
In this tense context, the cybersecurity expert, Hassan Kherjouj, sounds the alarm as to the growing risk of service denials (DDOS), which aim to saturate the servers by generating massive artificial traffic. To protect yourself from it, he recommends several key measures.
He first recommends the use of robust firewalls like Cloudflare, AWS Shield or Sucuri, capable of filtering traffic and blocking threats before they reach the servers. He also insists on the interest of a load distribution system (LOAD BALANCER) to distribute the flow to several servers, thus limiting the risk of total interruption.
Other tools such as ” rate limiting“, Which sets a maximum threshold of IP requests, and continuous traffic surveillance using platforms like Grafana, Kibana or Zabbix are highly recommended. Thus, Kherjouj recalls the importance of using CDNs (Content Delivery Networks), such as Akamai or Cloudflare, whose decentralized architecture makes it possible to disperse attacks, as well as the need to maintain regular backups of sensitive websites.
Other Algerian and Tunisian attacks?
While technical services are trying to stabilize the situation, other attacks are claimed by groups of foreign hackers. The Tunisian collective Rootstorm published a press release in which it claims an infiltration of the SIG Morocco system, a critical infrastructure dedicated to cartography, geospatial management and the coordination of national infrastructure.
The group claims to have had access to internal databases, sensitive administration panels and confidential documents. This attack, under their terms, aims to demonstrate the faults of Moroccan digital systems and to expose their lack of preparation in the face of modern threats. Rootstorm indicates that it is analyzing the data collected and does not exclude partial dissemination, in a way ” selective », In the coming days.
Another statement, this time signed by the group of Algerian hackers ” DDOS 54“, Announces the launch of a large -scale offensive campaign against the sites of the Moroccan government. According to their message broadcast on Telegram, the operation, described as “escalation“, Will extend over a period of fifteen days and aims to paralyze all the government’s digital services.
These DDOS type attacks, which consist in submerging a site until they make it inaccessible, are presented by the authors as a response to what they consider as ” digital violations »Repeated. The group claims that each attack is designed to mark the story of what it describes as ” cybernetic conflict« .
In the wake of these claims, information circulating on social networks also evoke the sudden offline of the websites of several ministries including that of agriculture and maritime fishing as well as the delegated ministry responsible for relations with the Parliament which would have undergone a brief attack.
Although some see it as signs of a new large -scale attack, no official declaration has been issued on this subject so far. The sites observed at this stage show that the Ministry of Agriculture, Maritime Fisheries, and the Tax Department site remain slow to access.