Hacking attacks rose above 100 million breaches in the nine months to September as cyber criminals increasingly ride on smart phones to hack into consumer bank accounts.
Cyberthieves are using such so-called malware to steal banking credentials from unsuspecting consumers when they log on to their bank accounts via their mobile phones, according to regulators and cybersecurity specialists.
A cyber security report from the Communication Authority of Kenya (CA) shows that malicious software attacks hit 103 million in the nine months to September from 99 million in the same period a year earlier.
The surge in attacks points to criminals looking for new and lucrative ways to attack firms, disrupting operations and compromising sensitive data across diverse sectors — from healthcare and financial services to retail and regulatory bodies.
This highlights the growing financial exposure of local firms to data theft, extortion and operational downtime caused by malicious software.
Central Bank of Kenya (CBK) data show that half of the Sh1.59 billion that was stolen from banks last year by hackers was through mobile banking.
The communications regulator said the attacks mainly targeted Internet service providers, cloud platforms, government systems and enterprise networks that hold large volumes of consumer or financial data.
The Authority noted that most incidents involved the exploitation of outdated software, default passwords, and unsecured system configurations that allowed attackers to gain entry and install backdoors for repeated access.
Malware was identified as one of the top threat vectors facing Kenya’s critical information infrastructure alongside system attacks and web application exploits during the three-month review period.
“Malware attacks mostly targeted systems with known vulnerabilities and those containing sensitive information,” the report states, adding that the objectives included “data encryption or corruption, reputational damage, the deployment of backdoors for persistent access, and the exfiltration of confidential data.”
The regulator said the attacks were largely aimed at stealing credentials, encrypting sensitive data, or deploying ransomware designed to paralyse operations until payments are made to the perpetrators.
Malware infections often begin when employees click on phishing emails, open infected attachments, or visit compromised websites that automatically download malicious code on company networks.
Once inside, the malware spreads across servers and endpoints, harvesting credentials and disabling key systems that support payments, supply chains, or public services.
The growing mobile-phone malware threats represents a new entry point for criminals who typically were used to stealing bank credentials by other means, such as installing skimmers on automatic teller machines or by using scams targeting desktop computer users.
The CA report said the persistence of malware is being driven by the use of artificial intelligence and cybercrime-as-a-service models, which allow criminals to automate attacks and lease malicious tools at minimal cost.
“The detected cyber threats can be attributed to several factors, including inadequate system patching, limited user awareness of threat vectors such as phishing and other social engineering techniques, as well as the growing adoption of AI-driven attacks.
These developments, the agency said, have lowered entry barrier for attackers and increased the frequency of attempted intrusions across both public and private networks.
During the quarter, the National KE-CIRT/CC issued 19.9 million cyber threat advisories, warning organisations to review firewall configurations, update antivirus systems, and strengthen password policies.
The CA report shows that financial institutions, government agencies, and cloud service providers remain the primary targets of these attacks because of the sensitive data and real-time transactions they handle.
The CA says weak cyber hygiene, especially in patching and password management, remains the single biggest driver of successful malware infections.
The regulator further warns that firms relying on legacy systems and unsupported software face the highest probability of financial loss from malware-related incidents.
