Communications Authority of Kenya (CAK) has released the Sector Statistics Report for Q2 2018 and which usually indicates the cyber threat statistics for a given quarter.
These ‘cyber threats’ checked by CAK include malware, web application attacks, botnets, system misconfigurations and online abuse. The regulator also says there was an increase in cyber threat globally. In particular, there were rising cases of malware and sale of stolen data and credentials (personal data and credit card information.)
“The cyber threats detected varied from denial-of-service (DoS) including botnet and brute-force attacks that led to denial of computer services and illegal access to computer systems; online impersonation via social media accounts and domain names; website attacks including defacement; malware including phishing attacks; online abuse including online fraud, hate speech, incitement to violence and fake news; and systems misconfiguration,” says the CA report.
Among the various cyber threats listed, malware had the biggest delta change where CAK registered 1,844,897 threats between July and Sept 2018 which astronomically rose to 9,026,924 threats between October and December 2018. This is a 389% increase which is astounding and according to the regulator, it included “phishing attacks and attacks perpetrated through the exploitation of misconfigured systems.”
Last week, CA warned of a malware dubbed Emotet that accessed confidential information of Kenyans using online banking and payment systems. The malware, which attacked 11 Kenyan institutions, can cost up to $1 million (Sh102 million) per incident to resolve, according to the United States Computer Emergency Readiness Team.
Other threats like web application attacks, botnets, and online abuse saw decreased activities compared to what was recorded in the previous quarter with botnets registering the biggest decrease.
CAK also noted the increase in the number of fake mobile application hosted on popular online stores which deliver malware to mobile phones thereby defrauding unsuspecting users.
During the same period, CAK issued 12,197 cyber threat advisories of which the bulk were system misconfiguration (9,101). This was a 91% increase compared to the previous quarter.
The CA report paints a picture of increased threats in the form of malware, web application attacks, system misconfiguration and online impersonation. However, there is a marked decrease in online abuse.
However, Kenyans still remain in void over the Cyber Crimes Bill after the High Court temporarily suspended 22 sections of the law when industry players criticized it for targeting content creators rather than looking out for citizens’ digital wellbeing.