Cyber criminals target wealthy businesspeople
Cyber criminals in Kenya are now targeting high-profile people and businesses for higher returns, a report released last week shows.
The 2023 Annual Cybersecurity Report shows that most victims have been forced to close down their social media accounts due to loss of money to strangers, harassment and trampling of privacy.
“The nature of these attacks has evolved, becoming more sophisticated and harder to detect,” the report states.
According to the report by researchers from Trend Micro, the online criminals are becoming choosy and smarter, and are on the prowl in the country despite the arrests and prosecutions by the police.
“We blocked approximately 37 million email threats, over half a million malicious Uniform Resource Locators (URLs) in the country,” says Gareth Redelinghuys, Country Managing Director for the African Cluster at Trend Micro.
During the same period, more than one million malicious mobile apps directed at Kenyan businesses and consumers were also blocked, saving the intended targets from falling victim.
Quality over quantity
This shift indicates that cybercriminals are opting for quality over quantity, seeking higher returns from fewer, more valuable targets.
“Our latest data shows that threat actors are fine-tuning their operations, shifting away from large-scale attacks, and instead focusing on a smaller range of targets but with higher victim profiles for maximum gain with minimum effort,” Redelinghuys said in a statement to the media last week.
Even as Trend Micro protected Kenyans from hundreds of ransomware attacks, the overall trend shows a decrease in the number of such attacks. The nature of these attacks has evolved, becoming more sophisticated and harder to detect.
The report further states that the cybercriminals use advanced techniques to avoid being detected, such as Living-Off-The-Land Binaries and Scripts, which use non-malicious files native to operating systems to camouflage their activities.
Global ransomware detections have seen a significant drop from 2021 to 2023, averaging less than half the detections recorded in 2020.
However, this decline should not lead to complacency among security teams, as the reduction in volume does not equate to a reduction in threat severity.
Detection measures
The report also highlights an increase in Trojan FRS threats globally, suggesting that attackers are becoming more adept at bypassing initial detection measures.
In 2023, several ransomware families exploited remote and intermittent encryption, as well as unmonitored virtual machines, to bypass Endpoint Detection and Response (EDR) systems. By encrypting less content, these attacks minimize the chance of triggering detection mechanisms.
Prominent ransomware groups such as Clop and BlackCat were particularly active last year. Clop exploited major vulnerabilities, while BlackCat launched a new variant and leveraged regulatory requirements to pressure victims into quicker responses.
Email threats in Kenya have also seen a shift towards more sophisticated methods. Although email threat detections decreased from over 66 million in 2021 to 37 million in 2023, the rise in malware detection suggests a strategic shift by attackers.
Rather than indiscriminately targeting large numbers of users, cybercriminals are now conducting more targeted operations, such as Business Email Compromise (BEC) schemes, which are designed to appear legitimate and evade scrutiny.
“IT leaders must refine their processes and protocols to combat these persistent and increasingly sophisticated attacks with efficiency,” urged Zaheer Ebrahim, Solutions Architect for the Middle East and Africa at Trend Micro.
“As attacks become more difficult to detect, the cost of successful breaches will rise,” added Zaheer.
In April this year, the National Assembly approved regulations that will provide a framework to monitor, detect and respond to cybersecurity threats within Kenya’s cyberspace and ensure the protection of critical information infrastructure.
The Computer Misuse and Cybercrime (Critical Information Infrastructure and Cybercrime Management) Regulations, 2024 were approved after months of public participation.
Referenced as Legal Notice No. 44 of 2024, the regulations were drafted by the National Computer and Cybercrimes Coordination Committee (NC4) to operationalize the Computer Misuse and Cybercrimes Act, 2018.
According to the Internal Security Principal Secretary, Dr Raymond Omollo, the key aspects the CMCA Regulations address include protection measures for critical information infrastructure supporting critical economic sectors, including telecoms, banking, transport and energy; cybersecurity operations management using cybersecurity operations centres; and cybercrimes management.