Kenya cyber-attacks down 55pc on awareness drives, digital signatures


Kenyan organisations faced 123.9 million cyber threats during the three months to last September, a 55.4 percent drop from the attacks detected in a similar period last year, fresh data from the Communications Authority of Kenya (CA) shows.

In its first quarter of the current financial year cybersecurity report, the regulator attributes the dip to ongoing spirited cyber awareness campaigns, capacity-building efforts spearheaded by the Kenya Computer Incident Response Coordination Centre (KE-CIRT/CC), and increased adoption of digital signatures.

During the period under review, CA’s incident response centre issued 5.6 million advisories, which was a marginal increase from the 5.3 million in the first quarter of the past year.

System attacks, which refer to attempts to gain unauthorised access to a computer, topped the list of detected threats at 89.7 percent, followed by malware and brute force attacks at 6.1 percent and 4.1 percent, respectively.

Malware, a short form for ‘malicious software’, refers to a program or a file designed to cause harm to a computer, server or network while a brute force attack is a hacking method that uses trial and error to crack passwords and other login credentials.

“There was a significant increase in the number of advisories related to brute force attacks during this period, with the advisories serving to caution against the continued use of default and weak passwords on sensitive systems, such as IoTs and Internet-enabled CCTV systems,” says the regulator in the report.

“In addition, the National KE-CIRT/CC issued advisories on zero trust, anti-distributed denial-of-service (DDoS), update of info security policies, the need for regular backups, cyber awareness, as well as on the need to update software to patch known vulnerabilities.”

The State agency said while the web application attacks remained relatively minimal compared to other attack vectors, their impact was significantly pronounced as was the case with the eCitizen DDoS attack, which grounded online public services in July.

To arrest password compromise incidents, Internet experts have urged businesses to opt for broadband fibre connections as opposed to Wi-Fi networks as the former can resist electromagnetic interference, which in turn enhances network stability and reduces the risk of cyber-attacks and data breaches.

“Broadband fibre connection is generally considered to be more secure than wireless and WI-FI connections. This is because fibre optic cables are less susceptible to interference and hacking than radio waves.

“Additionally, fibre optic cables are not easily tapped into compared to wireless networks,” says technology leader Stanley Mwangi Chege.

A recent report by global cybersecurity and digital privacy firm Kaspersky points to a rise in spyware attacks targeting Kenyan organisations, marking a 12.9 percent increase in the three months to last March.

In the report, Kaspersky said cyber criminals are now sending malicious software to gather data from devices and later send it to third parties and calls for more pointed attention to the threats and rollout of proactive measures to safeguard Kenya’s digital infrastructure.

“Cybercriminals are exploiting the inadequate cybersecurity practices prevalent in various business sectors, capitalising on weak network defences, outdated software, and limited investment in robust security measures,” reads the report in part.

“The consequences of such breaches in these sectors can have far-reaching implications on national security and public welfare.”

The CA says during the quarter to September, KE-CIRT/CC also received 301 digital investigation requests, with impersonation concerns topping the list followed by requests for probe into fake news.

Others were incitement, cyberbullying, online fraud, data theft, copyright infringement and child abuse.

PAYE Tax Calculator

Note: The results are not exact but very close to the actual.