Healthcare sector institutions are now bearing the brunt of ransomware cyber-attacks, with data showing that the average ransom demand exceeds $5.2 million (about Sh672 million at current conversion rates) per incident.
The latest cybersecurity report published by the Communications Authority of Kenya (CA), covering the three months ending December 2024, shows that many organisations face repeated attacks shortly after paying the ransom, highlighting a troubling cycle of victimisation.
Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by blocking access to user files until a ransom is paid.
According to the CA, the healthcare sector experienced a 95 percent jump in ransomware incidents, with cases growing from 20 to 39 in October alone.
Other sectors like manufacturing and finance also faced significant threats, with incidents in the former rising by 37.9 percent.
“Ransomware groups have increasingly adopted sophisticated data exfiltration methods, utilising tools like Azure Storage Explorer to transfer large volumes of sensitive data to cloud storage before encryption,” wrote CA in the report.
“This trend emphasises the dual threat of data theft and operational disruption.”
The situation, CA notes, is further compounded by the emergence of new attack groups such as RansomHub, Sarcoma, and Interlock, which have shown evolving tactics, with Sarcoma attributed over 40 incidents in October 2024.
“The emergence of groups like Hellcat and PlayBoy Locker further underscores the dynamic nature of the ransomware landscape,” reads the report.
The Authority also continued to witness growth in the magnitude and complexity of Distributed Denial-of-Service (DDoS) attacks, with threat actors leveraging botnets and exploiting vulnerabilities in connected devices such as smartphones and other household appliances to disrupt online services.
“DDoS attacks continue to increase in frequency and intensity, with cybercriminals using more powerful botnets and leveraging Internet of Things (IoT) devices to amplify their attacks,” says the regulator.
“There has been a rise in multi-vector DDoS attacks, which combine different attack techniques including volumetric, application-layer, and protocol-based attacks to overwhelm targets.”
Other sustained threats include social engineering, which has once again been flagged for growing in sophistication; phishing, which remains a dominant threat vector in the country, partially driven by the exploitation of Artificial Intelligence (AI); and system misconfiguration attacks, propelled chiefly by misconfigured cloud settings and insecure APIs (Application Programming Interfaces).
The CA report singled out AI-powered attacks as an emerging threat, saying cybercriminals are increasingly utilising the technology to enhance their attack capabilities, for example by automating sophisticated phishing schemes and deploying AI-driven malware.
Between October and December last year, CA detected 840.9 million cyber threats, a 27.8 percent jump from those detected in the quarter ended September.
“The increase in detected cyber threats can be attributed to the increase in the use of AI and machine learning technologies, inadequate patching of information systems, low levels of awareness about different threat vectors such as phishing and other types of social engineering attacks, hacktivism, among others,” the agency wrote.
Threat advisories issued during the review period rose 20.9 percent to 11.6 million, compared to those issued during the preceding three months.
System attacks were the most detected threats, accounting for 752.4 million, followed by brute force attacks and malware attacks at 34.8 million and 33.9 million respectively.
Others were DDoS (15.1 million), web application attacks (4.5 million) and mobile application attacks (138,175).
Elsewhere, the recent Global Cybersecurity Outlook 2025 published by the World Economic Forum (WEF) indicated that supply chain vulnerabilities, driven by rising geopolitical turmoil as well as new technologies such as AI, are among the factors set to present fresh complexities in policing the global cyberspace and heading off threats this year.
The forecast noted that escalating geopolitical tensions are contributing to a more uncertain environment and affecting the perception of risks, while increased integration of and dependence on more complex supply chains are leading to a more opaque and unpredictable risk landscape.
“Cybersecurity is entering an era of unprecedented complexity. Geopolitical tensions are intensifying, new technologies are emerging at a breakneck speed and threats are evolving into ever more sophisticated attack vectors,” wrote WEF.
“At the same time, expanding regulatory demands, vulnerabilities in interwoven supply chains, and a widening cyber skills gap are compounding the challenges organisations face in staying secure. The stakes have never been higher.”