Cyber-attacks dip to 971m as mobile phone attacks surge
Kenya’s cyberspace witnessed fewer attacks in the three months leading up to March, with incidents decreasing to 971.4 million from 1.29 billion in the previous quarter, according to new data from the Communications Authority (CA) of Kenya.
Most of the attacks exploited system vulnerabilities, which may be attributed to the proliferation of Internet of Things (IoT) devices, which are inherently insecure.
Amid a surge in the use of mobile telephony, the report noted a significant rise in mobile application attacks, jumping from 52,705 in December to 171,232 in March.
According to the regulator’s third-quarter sector statistics report for 2023/24, there was a significant dip in cyber-attacks targeting companies despite an increase in specific types of threats, including malware, brute force attacks, and web application attacks.
The report, which provides an overview of the national cyber landscape, shows malware threats increased from 13.22 million at the end of 2023 to 33.19 million in March, while brute force attacks soared from 9.67 million to 28.01 million in the same period.
Web application attacks increased from 72,536 to 199,435 during that period. System vulnerability threats saw a substantial decrease, falling from 1.269 billion in the last quarter of 2023 to 871.22 million by the end of March.
The regulator warns that cyber threat actors have been leveraging artificial intelligence (AI)-driven attacks to extend their social engineering efforts, spread malware, carry out adversarial attacks, and compromise critical information infrastructure and IoT devices. Increased sophistication has seen AI-powered attacks become more intricate, bypassing traditional security measures through techniques such as sophisticated social engineering and exploiting zero-day vulnerabilities.
These attacks involve creating deepfakes to impersonate executives or tailoring phishing emails with higher personalization, making them harder to detect. Among other detected online risks were Distributed Denial of Service (DDoS) attacks, with a total of 38.64 million recorded from January to March 2024.
Despite the overall decline in cyber-attacks, the report indicated a notable increase in the number of advisories issued by the CA, which grew to 8.5 million from 8.06 million in the review period. These advisories included digital investigations and digital forensics support.