Hacking attacks on Kenya’s financial systems, including mobile banking, rose nearly three-fold to 444 million in the year ending June 2022, highlighting the vulnerability associated with increased Internet access in the country.
The cyber-attacks rose from 158.4 million a year earlier as more people worked from home, ordered products online and made payments via mobile phones.
An email scam using a message from someone pretending to be a relative of a dead African leader asking for bank details is well known, but now tactics have changed.
Today’s cyber-criminals do not need users’ approval or awareness to access valuable data, which could lead to the theft of a large amount of money.
Kenya’s highly digitised economy linked with mobile money through telcos and banks has made the country a target for cybercrime and online fraud, with banks losing hundreds of millions annually.
The Central Bank of Kenya (CBK) said it had engaged payment service providers (PSPs) to ensure their alertness and defences, especially around festive seasons.
“This surge in cyber threats directed at local targets was attributed to increased Internet penetration, uptake of e-commerce services and cloud-based services to support remote working as well as a rise in the use of social media,” the Kenya Financial Sector Stability Report says.
Cyber-attacks have become a key risk to businesses in Kenya on increased use of mobile and Internet banking that have exposed bank customers to cybercrime, especially fraud, malware and phishing attacks.
Financial malware includes viruses that are designed and developed to retrieve financial information and steal money from individuals and firms.
Hacking continues to cost firms billions of shillings and sensitive information, heightening the calls for them to beef up their remote working systems.
According to the Allianz Risk Barometer 2022 report, the most feared cause of business interruption is cyber incidents, reflecting the rise in attacks, the impact of companies’ growing reliance on digitalisation and the shift to remote working.
There were more than 200 million cases of malware attacks which accounted for the majority of cyber hacks in Kenya, especially Ransomware.
Ransomware is a type of malware attack in which the attacker locks and encrypts the victim’s data and important files and then demands a payment to unlock and decrypt the data.
Distributed Denial of Service (DDoS) -- attack where the hackers jam systems crippling operations until a ransom is paid -- is ranked second.
DDoS attacks happen when hackers instal malware in a network then remotely control computers to disrupt the normal traffic of a targeted server by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
Some of the attacks are done through phishing attempts where the criminals collect personal data and use it to siphon cash.
Phishing happens where criminals send out legitimate-looking e-mails from trustworthy websites requesting personal and financial details from unsuspecting people.
Widely circulated links promising free airtime, money and other products have been used in phishing attacks to collect personal data and use it to siphon cash.
The increase in cyber-attacks points to the growing vulnerability facing institutions like banks and government offices who risk losing confidential information and billions of shillings to hackers.
The Communications Authority of Kenya (CA) issued 7.9 million advisories in the year to July 2022, up from 93,696 last year, in an attempt to curb the rising attacks.
The CA asked Kenyans working from home and their businesses to change their default passwords and enable multi-factor authentication (MFA) where applicable.
It also asked users to carry out system monitoring and be on the lookout for any suspicious network activity and use firewalls to track inbound and outbound activity from the various applications installed in their computers or devices.
The regulator further advised users to choose applications and plug-ins carefully as most backdoors hide inside seemingly benign free apps and plugins.
Kenya will also benefit from the setting up of one of Africa’s two Internet Corporation for Assigned Names and Numbers (ICANN) data centre meant to increase Internet speeds and make it harder for hackers to jam networks.
The data centre will provide higher bandwidth and data processing capacity, reducing the risk of the Internet going down because of a cyber-attack. Increased capacity lessens the impact of attacks.
ICANN servers will specifically reduce the impact of DDoS cyberattacks that work by overwhelming servers with a flood of queries.