A cyber-attack will disrupt Uganda worse than the next pandemic: Let’s prepare

What you need to know:

  • It's crucial to avoid single points of failure, whether that means relying on a single cybersecurity provider or having just one network operator providing service to your building. Implementing redundancy for critical systems, such as having at least two of everything, is important.

In July 2024, a faulty software update issued by cybersecurity firm CrowdStrike caused widespread disruption worldwide. The update affected customers running Microsoft Windows, leading to grounded flights, impacted financial companies and news outlets, and disruptions in hospitals, small businesses, and government offices. These outages highlight the fragility of our digitized world, which relies heavily on a few providers for IT services.

It's still unclear what happened in Uganda and whether anyone was affected. However, two banks in Uganda were affected; they just chose not to report this publicly. To clarify, simply running Microsoft Windows is not sufficient to be affected. Instead, only those running both Microsoft Windows and the CrowdStrike cybersecurity software were impacted. This particular software is commonly used by large enterprises, governments, and other public sector organizations to protect their systems from cyber attacks. If you have Windows and CrowdStrike, you may have been affected.

It's crucial to avoid single points of failure, whether that means relying on a single cybersecurity provider or having just one network operator providing service to your building. Implementing redundancy for critical systems, such as having at least two of everything, is important.

The recent issue was a supply chain problem, as a single cybersecurity provider's software was used across a wide range of organizations. Due to the lack of diversity in the ecosystem, one problem had a widespread impact, causing global devastation.

In my view, the world was lucky that this incident wasn’t a result of a malicious cyber-attack, but what if it was? And it wouldn’t be the first time. On Friday, May 12th, 2017, a massive hacking attack known as WannaCry caused worldwide computer chaos.

This ransomware attack spread quickly using a tool that security experts believed was developed by the NSA. The tool, EternalBlue, exploited a vulnerability in the SMB protocol, allowing the ransomware to infect computers. The attack affected more than 200,000 computers in over 150 countries. However, a cybersecurity expert in England discovered a kill switch in the ransomware's code, which stopped it from spreading further, providing a temporary solution.

The attack highlighted issues with cybersecurity, such as the importance of installing software updates and backing up data regularly. It also revealed the risk of using outdated operating systems, like Windows XP, especially in critical infrastructure such as hospital systems. Despite the chaos caused by WannaCry, most organizations were able to recover their systems without paying the ransom.

What happened on Friday, May 12th, is something called a ransomware attack. In this type of attack, your data is encrypted by an attacker, rendering it inaccessible. The attacker then demands cryptocurrency payment in exchange for decrypting the data. There are two variations of ransomware attacks: one involves the permanent loss of data, while the other involves the threat of releasing the data to the public. 

To prevent data loss, it's essential to have a reliable backup. However, if the threat involves the release of data, additional measures such as strong access controls and data encryption are necessary. It's crucial to regularly update software, use antivirus and endpoint detection systems, and provide comprehensive end-user training to mitigate the risk of a ransomware attack.

So what lessons should the government of Uganda learn from this? We need a robust cybersecurity offensive and defensive strategy. Ever since the WannaCry ransomware attack was deployed, such attacks have risen by 125 percent since the Covid-19 pandemic. 

In 2019, the Uganda Communications (Computer Emergency Response Team) Regulations were gazetted, putting in place the CERT.UG/CC, which is the national point of contact for cybersecurity incident coordination in Uganda and coordinates the sub-sector CERT teams in the country.

However, it has not developed a coherent national cybersecurity strategy because it’s underfunded. I would not like to see a ransomware attack deployed against the Real-Time Gross Settlement system (RTGS) at Bank of Uganda that can cripple the economy. We need to learn lessons.

Samuel Obedgiu, Biotechnologist and Researcher.