The Communications Authority of Kenya has reported a significant surge in cyber threats within Kenya during the three-month period leading up to December 2023.
According to its 2023/24 Q2 cyber security report, the regulatory body highlights a staggering increase to over 1.2 billion cases of cyber threats, a stark rise from the 123 million detected in the previous quarter, marking a 943 percent escalation.
This rise is attributed to the bolstering of Kenya’s cyber threat monitoring capabilities and the heightened exploitation of ‘system vulnerabilities,’ propelled by the expanded deployment and utilization of Internet devices.
Specifically, malware, brute force, web application, and mobile application attacks accounted for 13.2 million, 9.7 million, 0.07 million, and 0.05 million cases, respectively.
In response to these threats, the National Cyber Security Centre issued 8.06 million advisories during the reviewed period, indicating a 44.4 percent increase compared to the previous quarter.
The report notes that system misconfiguration attacks were predominant during this period, aligning with global cyber threat trends, where malware attacks, particularly ransomware, were most prevalent.
Edward Kisiang’ani, Kenya’s Broadcasting and Telecommunications Principal Secretary, emphasized the severity of the situation, highlighting Internet Service Providers (ISPs), cloud service providers, government entities, and the education sector as the top targeted industries. He underscored the potential detrimental impact on the economy should successful cyber-attacks occur in these sectors.
In the preceding Financial Year 2022–2023, Kenya faced 860 million cyberattacks, with critical information infrastructure (CIIs) being the primary target, witnessing an increase in frequency, sophistication, and volume of cyber threats.
Of these attacks, 79 percent were attributed to cyber criminals exploiting vulnerabilities in organizations’ internal controls, system procedures, and information systems to gain unauthorized access to computer systems.
However, PS Kisiang’ani assured that the government is prioritizing the upgrading of threat detection systems and enhancing the skills of human resources to effectively combat cybersecurity challenges.
He also expressed readiness to collaborate with neighboring countries in the region to mitigate cross-border cyber threats within the context of global cybersecurity realities.