Communications Authority warns of AI-driven cyberattacks rise

[Photo: Communications Authority of Kenya (CA) Director General and Chief Executive Officer David Mugonyi. Photo credit: File | Nation Media Group]

The Communications Authority of Kenya (CA) has raised alarm over what it terms the increasing proliferation of Artificial Intelligence (AI)-enabled cyberattacks, even as the overall threats targeting Kenyan organisations and institutions dipped 41.9 percent during the three months that ended September 2024.

An AI-powered cyberattack leverages algorithms to carry out malicious activities. This kind of attack uses AI to enhance the capabilities of traditional cyberattacks, making them more sophisticated and challenging to detect.

In its latest cybersecurity report, the communications sector regulator says that the National Kenya Computer Incident Response Team – Coordination Centre (National KE-CIRT/CC) detected 657.8 million cyber threats during the review period, which marked a drop from the 1.1 billion incidents detected during the quarter ending June.

CA says that the majority of the detected attacks exploited system vulnerabilities, adding that the trend is attributable to the continued adoption of AI-enabled attacks, attacks targeted at system misconfigurations, and the continued use of botnets and Distributed Denial of Service (DDoS) attack techniques.

“Cybercriminals are increasingly using AI-enabled attacks to enhance the efficiency and magnitude of their operations. They leverage AI and machine learning to automate the creation of phishing emails and other types of social engineering,” noted CA Director General David Mugonyi.

“Further, they are increasingly targeting system misconfigurations to exploit security weaknesses. These include open ports, insufficient access controls, amongst others, enabling cybercriminals to gain unauthorised access to systems, steal sensitive data or even deploy malware,” he added.

During the quarter ended September, system attacks contributed the bulk of detected threats, standing at 583.7 million, down from 1.06 billion during the preceding quarter, and were distantly followed by brute force and malware attacks at 38.1 million and 33.9 million respectively.

A system attack is an attempt to disable computers, steal data, or use a breached computer system to launch additional attacks.

“Cyber-attacks occasioned by system misconfiguration may be linked to inadequate investment in technical infrastructure, use of legacy systems and default login credentials, and low levels of cyber risk awareness,” wrote CA in the report.

“These factors all contribute to increased susceptibility of the critical information infrastructure sectors to cyber threats.”

During the review period, the regulator reports, the National KE-CIRT/CC issued a total of 9.6 million threat advisories, which translated to a 2.5 percent jump from the 9.3 million advisories issued during the three months to June.

DDoS attacks dipped at the fastest pace of 75.1 percent to stand at 1.8 million at the close of December, followed by system attacks which dropped 45.2 percent to 583.7 million during the period.

Brute force attacks, on the other hand, rose at the fastest rate of 42.01 percent during the period to stand at 38.1 million, followed by web application attacks which grew 18.6 percent to 174,251 as malware threats ballooned 6.13 percent to 33.9 million.

“These malware attacks were mainly targeted at systems that were deemed as being vulnerable or holding valuable or sensitive data. The objective of these attacks was to conduct backdoor deployments, perform data exfiltration, impact brand reputation, and encrypt or damage user data,” said CA.

Most of the web application threats targeted government systems and the ICT sector as attackers sought to obtain user login credentials, as well as exploit vulnerable web browsers and database servers belonging to government and Internet Service Providers (ISPs).

Similarly, brute force attackers targeted government systems and cloud service providers, with a direct focus on login credentials and database servers belonging to government organisations and cloud-based services.

“Most attackers exploited vulnerabilities in the remote desktop protocol, database servers, and user login credentials,” notes the regulator.
