Kabarak cyberattack: Key lessons security gatekeepers can pick

Kenya has witnessed a surge in ransomware attacks targeting organisations of all sizes. 

A fortnight ago, newspaper and blog headlines were awash with details of the takeover of Kabarak University’s Facebook page by a hacker who claimed to be a student from an IT-based high school in Jakarta, Indonesia.

The latest cybercrime to rattle corporate institutions’ cyber security management in the country came hot on the heels of yet another similar attack, a ransomware case that had targeted supermarket chain Naivas.

The act, committed by an online criminal organisation identified as Threat Actor, saw Naivas’ data compromised to an unknown extent before the attack was contained.

The two incidents, still fresh in the minds of corporate and other institutional cybersecurity gatekeepers, have rekindled the long-held debate about online safety and security assurances.

Social media accounts, especially those owned by prominent persons, celebrities, government agencies and giant companies, have long been favourite targets of hackers keen to use the platforms for extortion or disinformation.

But what really happens before such a high-level takeover?

“In most cases of social media account take-overs, you’ll find that the account holders have not implemented some basic security controls on the accounts as advised by the platform's guidelines,” observes Risk advisory partner at Deloitte East Africa Anthony Muiyuro.

Although the Kabarak incident response team has not shared the root cause of the breach, Mr Muiyuro alludes to certain pointers that are likely to have given rise to the attack.

“The most obvious and basic pointer is weak password and/or password sharing. In some scenarios, one finds that the passwords being used over the accounts are easy and guessable. It is always recommended that passwords be at least 16 characters in length with a combination of numbers, characters, symbols and alpha-numerics,” he explains.

He adds: “In other cases, you find that most have their passwords shared among many people. This increases the risk of losing the account to whoever has the password, thus reducing accountability.”

Head developer at GIT Software Solutions Samuel Gathirwa, who also doubles up as an IT consultant with Boltech Training College, says that hackers are always on the lookout for vulnerable accounts, and thus owners have to maintain constant vigilance.

“One of the easiest ways to keep your account safe is to avoid clicking on links and images that you don’t recognise or those that look suspicious. These could be disguised as enticing content like pornography or promises of free money,” states Gathirwa.

“In reality, these links can lead to malware, viruses or even phishing scams that could compromise your account,” he adds.

What to do when hacked

Mr Gathirwa opines that reporting a compromise and starting recovery as soon as it is noticed could go a long way in preventing further damage.

“It is important to act quickly if you suspect your account has been hacked as the criminals could use your account to send spam or malicious messages to your family or friends. Most social platforms have a well-spelt out process to initiate recovery,” he states.

Prevention measures

Though industry professionals agree that no defence can give complete immunity against cyberattacks, a raft of measures is recommended to minimise their likelihood and impact.

Multi-Factor Authentication

It is advisable that different levels of authentication be employed on all accounts that organisations hold. The measure entails verification and validation of users who are getting access to the accounts.

Two-factor authentication is the most commonly used form: one not only has to use a username and password to log in but also has to confirm authenticity via a code sent to a device or to an email.

Accounts management

Only trusted users of the organisation should be mandated to manage company accounts such that in the event of a breach, there is a clear chain of responsibility.

If at one point anyone within the trusted circle opts out, all passwords and verification methods should be changed.

Use strong passwords.

Having complex passwords is a safety measure. However, it is recommended that users be creative and employ passphrases: combinations of words that make no sense together, drawn from mother tongue, slang or any other language, as long as they can be remembered.

Avoid saving passwords.

Saving passwords is bad password and cyber hygiene and is strongly discouraged.

Raise awareness.

Account holders should be able to identify phishing links. Users should understand that credentials must not be supplied to just any link that requests them; the link must first be verified as authentic.
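
One way to carry out that link verification in code, as an added example that is not from the article or the experts quoted in it: the function parses a link and accepts it only when the real host is the trusted site or a true subdomain of it. The `TRUSTED_HOSTS` list, the function name and the sample links are assumptions constructed for illustration.

```javascript
// Added illustration; the sample links are constructed, not real phishing data.
const TRUSTED_HOSTS = ["facebook.com"]; // assumption: the site this password belongs to

// Decide whether a link really points at a trusted site before any login.
function checkLoginLink(link, trusted = TRUSTED_HOSTS) {
  let url;
  try {
    url = new URL(link); // WHATWG parser: lower-cases and punycodes the host
  } catch {
    return { ok: false, host: null, reasons: ["not a valid absolute URL"] };
  }
  const host = url.hostname.replace(/\.$/, ""); // ignore a trailing root dot
  const reasons = [];
  if (url.protocol !== "https:") reasons.push("not HTTPS");
  // "https://facebook.com@other.example/" goes to other.example, not Facebook.
  if (url.username || url.password) reasons.push("name before '@' is not the host");
  // Non-ASCII lookalike letters show up as xn-- labels after parsing.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    reasons.push("punycode label, possible lookalike characters");
  }
  // Trusted only if the host IS the site or a true subdomain of it;
  // "facebook.com.other.example" and "notfacebook.com" both fail this.
  const trustedHost = trusted.some((t) => host === t || host.endsWith("." + t));
  if (!trustedHost) reasons.push("host is not the trusted site or its subdomain");
  return { ok: reasons.length === 0, host, reasons };
}

const SAMPLE_LINKS = [
  "https://www.facebook.com/login",
  "http://facebook.com/login",
  "https://facebook.com@account-check.example/login",
  "https://facebook.com.account-check.example/login",
  "https://f\u0430cebook.com/login", // Cyrillic "а" in place of Latin "a"
  "https://notfacebook.com/login",
];

for (const link of SAMPLE_LINKS) {
  const { ok, host, reasons } = checkLoginLink(link);
  console.log(ok ? "OK    " : "REJECT", host, reasons.join("; "));
}
```

Only the first sample link is accepted; each of the others fails at least one check even though "facebook.com" appears somewhere in its text.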

Kabarak University finally regained control of the account last week following the intervention of Meta, the Facebook owner, marking an end to more than seven days of anguish.

Mr Muiyuro, however, says prevention is always better than recovery.
