CA sounds alert on fake software

The telecommunications sector watchdog has warned companies and individual Internet users against buying fake software, saying it now offers hackers the most common loophole for executing cyber-attacks.

The Communications Authority of Kenya (CA), through the National Computer Incident Response Team Co-ordination Centre (National KE-CIRT/CC), warned on Thursday that cyber criminals have changed tack and are now using third-party software to deliver threats to unsuspecting users in an attempt to compromise and steal their personal data.

“Though Kenya has not been adversely affected by such attacks as at now, the trend depicts a serious concern in cybercrime management and thus a precaution should be taken when dealing with outsourced products and personnel,” said acting CA director-general Christopher Kemei in a statement.

Kenyan businesses lose billions of shillings and troves of sensitive information to hackers every year.

The CA’s warning follows similar cautions raised by local regulators. The Central Bank of Kenya (CBK) last year warned that local lenders are exposed to cyber-attacks and ICT-enabled fraud.

CBK noted that data on fraud reported to the Banking Fraud and Investigation Department indicates that cases relating to computer, mobile and Internet banking are on the rise.

Information Communication Technology Association of Kenya secretary-general Kamotho Njenga earlier said that since most banks have embraced online financial transactions to enhance convenience for their customers, the lenders are a soft target for cyber-attacks.

“The advisory therefore is to enable ICT users to make informed and risk-free decision on the choices of their products by engaging cybersecurity experts.”

Mr Kemei said that end users should treat free or low-cost cyber security software as potential threats and avoid their use if possible.

“Organisations and government institutions (should) properly vet software vendors in order to ascertain any concealed motive that might work against their interests especially with products interacting with organization’s critical infrastructure,” he said.

With its warning, the agency joins its global peers who have raised similar red flags.

Kenyan banks were among the institutions targeted in a large-scale attack against computers worldwide, ICT secretary Joe Mucheru said last year.

The computer virus, called “WannaCry” and spread through email, crippled all services at public hospitals in the United Kingdom, froze some computers used by the Russian Interior ministry, and impaired operations in German train stations, among other disastrous outcomes.

Kenya lost about Sh18 billion to cybercrime in 2016, according to an ICT security survey conducted by Kenya National Bureau of Statistics (KNBS) and the CA.

Mr Kemei noted that cyber-attack risks had been fueled by the increased offers of free anti-malware products by vendors.

“The free anti-malware are used as a bait to lure the unsuspecting users, while the real intention is to have the anti-malware installed into a system, then use it to capture personal and confidential data,” he said.

“Such vendors later monetize the data collected or use it for their political or business advantage. This trend applies not only to anti-malware solutions but also any other third party software.”