Kenyan government websites among most targeted systems by hackers amid surge in cybercrime
Kenya’s critical information infrastructure, including government websites, became prime targets for cybercriminals following a surge in cybercrime threats towards the end of 2024
Kenya’s critical information infrastructure, including government websites, became prime targets for cybercriminals following a surge in cybercrime threats towards the end of 2024.
According to the cyber security report for the second quarter (Q2) of the financial year 2024/25, between October and December 2024, the National KE-CIRT/CC detected over 840 million cyber threat events.
This marked a significant rise in cyber attacks that utilised sophisticated methods, including malware, web application, and brute force attacks during Q2 compared to Q1.
Notably malware attacks involve malicious software designed to infiltrate, damage, or exfiltrate data from systems, web application attacks exploit weaknesses in web-based platforms and typically target user credentials, databases, and misconfigured security settings to gain unauthorized access or disrupt services and brute force attacks involve automated attempts to crack login credentials or passwords by trying numerous combinations.
Malware attacks saw an uptick with 33.9 million detected threat attempts in Q2.
These attacks primarily targeted vulnerable systems, including Internet Service Providers (ISPs), Cloud Service Providers, and government systems.
According to the report by the Communications Authority of Kenya (CA), “malware attacks majorly targeted vulnerable systems or those systems holding financial or sensitive data.
These attacks were aimed at undertaking data exfiltration, backdoor deployments, impact brand reputation and to encrypt or damage user data.”
The National KE-CIRT/CC issued advisories, recommending security measures such as integrating security by design during software development, asset management with patch management, and improving end-user cyber hygiene.
The agency also advised organisations to deploy Domain-Based Message Authentication, Reporting, and Conformance (DMARC) and spam filters to mitigate risks from malware threats.
Web application attacks also surged by 29.04%, with 4.5 million attempts recorded in Q2.
These attacks also largely targeted government systems and ISPs, focusing on exploiting weaknesses in user login credentials, web browsers, and database servers.
‘Mightiest Prophet’ issues directive to followers after Lynn Ngugi’s explosive exposé on a cult
Ruto welcomes Trump’s order recognizing only two genders
Congo severs all diplomatic ties with Rwanda as eastern conflict escalates
Atwoli responds to reports of using President Ruto for survival
Ruto changes State House Nairobi roofing structure to a flat roof
I can’t criticize Ruto’s government – CS Wandayi
CA noted that attackers often took advantage of misconfigurations in SSL/TLS security to gain unauthorised access to valuable data, damaging the reputation of affected organisations by leaking sensitive information.
To mitigate this threat, the National KE-CIRT/CC recommended disabling SSL 3.0 support in systems, upgrading end-of-life products, and applying relevant patches and updates.
Brute force attacks were also a significant concern, though they saw a slight decrease of 8.79% compared to the previous quarter.
The National KE-CIRT/CC detected nearly 35 million brute force attempts, primarily targeting government systems and cloud service providers.
The National KE-CIRT/CC recommended stronger password management, patching vulnerabilities in network-based services, and disconnecting devices from the network when not in use.
These steps, alongside regular software updates, are crucial for reducing the risk of brute force attacks.
Sifuna dares ODM members to quit party over allegiance to Ruto
CIA says lab leak most likely source of Covid outbreak
ODM addresses reports of calling for investigations into Raila’s alleged assassination plot
Gachagua alleges Ruto’s plot to disband Supreme Court
Sonko offers to educate 3-year-old boy whose father was stabbed to death in Mathare
Uhuru’s Jubilee Party announces its presidential candidate ahead of the 2027 general elections
Follow us
