Cyber attacks increase tenfold on outdated security systems

Business
By Macharia Kamau | Feb 09, 2024
Attackers target user login credentials and database servers. [iStockphoto]

Kenyan firms and individuals faced an increasingly hostile online environment as assaults by cybercriminals surged to high levels in three months to December last year.

A new report by the Communications Authority of Kenya (CA) shows that cyber threats detected by the Kenya Computer Incident Response Team Coordination Centre (Ke-CIRT/CC) increased by 943 per cent.

This, CA said, was due to increased capacity locally to monitor and repel threats but also due to limited investments in cybersecurity and outdated security systems.

Despite the surge in the number of threats, firms appear lax in reporting attacks as according to CA, there was a 10 per cent drop in investigation requests.

"During the three-month period between October and December 2023, the National KE-CIRT/CC detected over 1.29 billion cyber threat events, which represented a 943.01 per cent increase from the 123 million threat events detected in the previous period (July to September 2023).

"This exponential increase is attributed to enhancement of our cyber threat monitoring capabilities and the existence of vulnerable systems due to system misconfigurations," said CA in the cybersecurity report for the quarter to December.

"Further, the increased exploitation of 'system vulnerabilities' is also aligned to global trends, and relates to the global surge in the deployment and use of Internet of Things (IoT) devices which are inherently insecure."

Most prevalent were system misconfiguration attacks whereby hackers tried to gain access - sometimes successfully - into the systems of organisations including government entities, which stood at 1.27 billion.

"Majority of the attacks were targeted organisations within the ICT sector. Attackers targeted database servers, operating systems and infrastructure belonging to various Internet Service Providers (ISPs) and cloud-based services," said CA.

"Most attackers exploited vulnerabilities in outdated operating systems and leaked user login credentials.

"The exponential growth in the exploitation of system vulnerabilities, which is a vector that has long been used by cyber threat actors, may be attributed to the proliferation of IoT devices which are inherently insecure."

There was also an 89.6 per cent increase in the number of brute force attacks, which were largely targeted at the ICT sector and government systems.

According to CA, attackers targeted user login credentials and database servers belonging to government organisations and cloud-based services.

Most attackers exploited vulnerabilities in the remote desktop protocol and user login credentials.

Over the quarter, there was a 94 per cent increase in the number of attacks targeted at mobile applications, which targeted mobile devices such as phones and smart (android) TVs.

"The perpetrators of these attacks mainly sought to steal sensitive user data such as PII, login credentials and financial details for malicious purposes," said CA on attacks targeting mobile devices, adding that to minimise attacks, users should disable Android Debug Bridge (ADB) on their devices, download applications from trusted sources, check application permissions and keep software up to date.

There was a 10 per cent drop in digital investigation requests received by the Ke-CIRT.

Share this story
Revealed: Why millions are unable to afford Sh387 daily spent
The World Bank warns that rising fuel costs, weak job creation and widespread informal employment could push up to 2.4 million more Kenyans into poverty in 2026.
Agoa extension gives industry breathing room, results in highest-ever export earnings
The extension of the Growth and Opportunity Act (Agoa) until the end of 2028, has promoted certainity to exporters in textile industries and also created jobs in Kenya.
County workers' pension at risk in Sh2 billion Lapfund real estate mess
The Auditor General has flagged irregular contract changes and project delays that risk the loss of Sh2 billion at the Local Authorities Provident Fund (Lapfund).
Beverage price wars loom as Indian billionaire acquires Kenyan firm for Sh4.8b
Kenya's soft drinks market is on brink after Indian billionaire Ravi Jaipuria snapped up a Kenyan dairy and juice plant for $32 million (Sh4.8 billion).
SRC gazettes regulations to strengthen remuneration governance in public service
The Salaries and Remuneration Commission has introduced new regulations to improve transparency, link pay to performance and help control Kenya’s rising public wage bill.
.
RECOMMENDED NEWS