NAIROBI, Kenya – Kenya’s critical information infrastructure, including government websites, has emerged as a prime target for cybercriminals following a significant uptick in cybercrime threats toward the end of 2024. According to a recent report by the National KE-CIRT/CC, over 840 million cyber threat events were detected between October and December 2024—marking a notable increase from the previous quarter.
PAY ATTENTION: Flexible Payment Plans Available! Invest in Yourself & See the Return with Our Affordable Copywriting Course!
Malware Attacks Rise to 33.9M
Malware attacks topped the list with 33.9 million detected threat attempts in Q2 (October–December 2024). These attacks predominantly targeted vulnerable systems such as Internet Service Providers (ISPs), Cloud Service Providers, and government platforms.
“Malware attacks primarily targeted systems holding financial or sensitive data, aiming to exfiltrate information, deploy backdoors, or encrypt and damage user data,” the Communications Authority of Kenya (CA) noted in the report.
To counter the surge, the National KE-CIRT/CC advised organizations to:
- Integrate security by design during software development
- Employ asset and patch management
- Improve end-user cyber hygiene
- Deploy DMARC and spam filters to mitigate the risks from malware threats
Web Application Attacks Up by 29.04%
Web application attacks rose by 29.04%, reaching 4.5 million attempts in Q2. Criminals reportedly exploited weaknesses in:
- Web-based platforms
- User login credentials
- Databases and misconfigured security settings
Government systems and ISPs were the main targets, with cybercriminals often leveraging misconfigured SSL/TLS settings to gain unauthorized access or disrupt services. The National KE-CIRT/CC recommended disabling SSL 3.0 support, upgrading end-of-life products, and applying relevant patches to reduce vulnerabilities.
Brute Force Attacks Near 35M Attempts
While brute force attacks decreased by 8.79% compared to the previous quarter, nearly 35 million attempts were still recorded. These attacks focused on:
- Government portals
- Cloud service providers
- Other network-based services
Stricter password management, timely software updates, and disconnecting inactive devices from networks were among the top recommendations to curb brute force intrusions.
Why Cyber Threats Are Increasing
The Communications Authority (CA) attributes the escalating cyber threats to:
- Growing use of Artificial Intelligence (AI) and Machine Learning (ML) by cybercriminals
- Inadequate patching of systems
- Limited awareness about phishing and social engineering
- Emergence of hacktivist motivations
In response, the National KE-CIRT/CC issued 11.58 million advisories—up 20.9% from the previous quarter—emphasizing:
- Regular system updates
- Robust access controls
- Enhanced antivirus protections
- Implementation of multi-factor authentication
A National Security Priority
Kenya’s surging cyber threat landscape highlights the vulnerability of government systems, financial institutions, and critical infrastructure. The National KE-CIRT/CC’s initiatives underscore the need for collective efforts from both public and private sectors to bolster cybersecurity resilience.
