Cyber attacks increase tenfold on outdated security systems

Business
By Macharia Kamau | Feb 09, 2024
Attackers target user login credentials and database servers. [iStockphoto]

Kenyan firms and individuals faced an increasingly hostile online environment as assaults by cybercriminals surged to high levels in three months to December last year.

A new report by the Communications Authority of Kenya (CA) shows that cyber threats detected by the Kenya Computer Incident Response Team Coordination Centre (Ke-CIRT/CC) increased by 943 per cent.

This, CA said, was due to increased capacity locally to monitor and repel threats but also due to limited investments in cybersecurity and outdated security systems.

Despite the surge in the number of threats, firms appear lax in reporting attacks as according to CA, there was a 10 per cent drop in investigation requests.

"During the three-month period between October and December 2023, the National KE-CIRT/CC detected over 1.29 billion cyber threat events, which represented a 943.01 per cent increase from the 123 million threat events detected in the previous period (July to September 2023).

"This exponential increase is attributed to enhancement of our cyber threat monitoring capabilities and the existence of vulnerable systems due to system misconfigurations," said CA in the cybersecurity report for the quarter to December.

"Further, the increased exploitation of 'system vulnerabilities' is also aligned to global trends, and relates to the global surge in the deployment and use of Internet of Things (IoT) devices which are inherently insecure."

Most prevalent were system misconfiguration attacks whereby hackers tried to gain access - sometimes successfully - into the systems of organisations including government entities, which stood at 1.27 billion.

"Majority of the attacks were targeted organisations within the ICT sector. Attackers targeted database servers, operating systems and infrastructure belonging to various Internet Service Providers (ISPs) and cloud-based services," said CA.

"Most attackers exploited vulnerabilities in outdated operating systems and leaked user login credentials.

"The exponential growth in the exploitation of system vulnerabilities, which is a vector that has long been used by cyber threat actors, may be attributed to the proliferation of IoT devices which are inherently insecure."

There was also an 89.6 per cent increase in the number of brute force attacks, which were largely targeted at the ICT sector and government systems.

According to CA, attackers targeted user login credentials and database servers belonging to government organisations and cloud-based services.

Most attackers exploited vulnerabilities in the remote desktop protocol and user login credentials.

Over the quarter, there was a 94 per cent increase in the number of attacks targeted at mobile applications, which targeted mobile devices such as phones and smart (android) TVs.

"The perpetrators of these attacks mainly sought to steal sensitive user data such as PII, login credentials and financial details for malicious purposes," said CA on attacks targeting mobile devices, adding that to minimise attacks, users should disable Android Debug Bridge (ADB) on their devices, download applications from trusted sources, check application permissions and keep software up to date.

There was a 10 per cent drop in digital investigation requests received by the Ke-CIRT.

Share this story
Ruto clears the way for CBK to buy gold locally, flags surge in demand
President William Ruto has signed a new law allowing the CBK to buy and hold locally mined gold, a move aimed at strengthening foreign reserves and supporting the country's mining sector.
Beyond the bottom line: Why ethics now define financial success
Prioritising rapid growth and unchecked profit over risk management and transparency can jeopardise the entire global economic architecture.
The grand return: South African corporates back in droves despite historical fail
A recent multi-billion-shilling deals signal, renewed investor confidence despite previous exits by South African firms.
Ruto targets productivity to cut State wage bill
President William Ruto has unveiled public service reforms that will tie civil servant pay and promotions to productivity in a bid to cut Kenya’s wage bill and improve efficiency.
Banking. Family opens its 97th branch
Family Bank has opened its 97th branch, expanding its customers' access to financial solutions for Small and Medium-sized Enterprises (SMEs).
.
RECOMMENDED NEWS