Kenyans stand out as one of Africa’s most tech-savvy populations, yet they continue to face a relentless battle against cyber threats. In Q2 FY2024-25, the period from October to December 2024, there was an alarming surge in cyber-attacks, according to the National Kenya Computer Incident Response Team – Coordination Centre (National KE-CIRT/CC).
The multi-agency centre detected over 840 million cyber threat events in the period, marking a staggering 27.82% increase from the previous quarter, driven by the growing sophistication and frequency of cybercriminal activities.
The rise in cyber threats was largely attributed to the proliferation of Internet of Things (IoT) devices, which are inherently insecure, and the increasing use of artificial intelligence (AI) and machine learning (ML) technologies by threat actors to automate and refine their attacks.
System misconfigurations and brute force attacks were the most prevalent attack vectors in the country, with cybercriminals exploiting inadequate investment in technical infrastructure, legacy systems, and poor password management.
System attacks accounted for 752.44 million of the threats detected, with the majority of attacks directed at the ICT sector, where cybercriminals focused on database servers and operating systems owned by Internet Service Providers (ISPs) and Cloud Service Providers. These attackers took advantage of vulnerabilities in outdated operating systems and exploited leaked user login credentials to gain unauthorized access.
Brute force attacks, on the other hand, primarily targeted systems believed to contain sensitive data, such as financial information and login credentials. The main objectives of these attacks were to gain elevated privileges, obtain unauthorized access, and exfiltrate valuable data for financial exploitation.
In response, the National KE-CIRT/CC issued 11.58 million advisories during the quarter, representing a 20.90% increase from the previous period. These advisories focused on regularly updating systems, implementing organizational access controls, and utilizing multi-factor authentication and strong passwords. The Authority also emphasized the importance of security by design, asset management, and improving end-user cyber hygiene and awareness.
Looking forward, the agency highlighted several critical areas of concern, such as the dual-use potential of AI, advancements in quantum computing cryptography, and the security risks associated with supply chains and third-party applications.
The agency remains dedicated to strengthening threat detection capabilities, promoting the adoption of cyber security best practices, and investing in education and awareness initiatives to address the constantly evolving cyber threat landscape.
Globally, ransomware attacks remained a leading threat in the cyber security landscape, with new groups such as RansomHub, Sarcoma, and Interlock emerging and using increasingly advanced tactics. The healthcare sector was especially affected, witnessing a staggering 95% rise in ransomware incidents.
The manufacturing and finance sectors also faced considerable risks. Average ransom demands reached all-time highs, with some exceeding Sh673.40 million ($5.2 million) per incident.
Looking ahead, the agency identified several key areas of concern, including the dual-use nature of AI, advancements in quantum computing cryptography, and the security of supply chains and third-party applications.
It remains committed to enhancing threat detection capabilities, supporting the implementation of cyber security best practices, and investing in awareness and education programs to navigate the ever-changing cyber threat landscape.