Distributed Denial of Service (DDoS) cyber threats posted record growth during the three months ended last December, rising over eight times compared to the preceding quarter as online activity intensified ahead of the end-year festivities.
Data from the Communications Authority of Kenya (CA) shows the threats grew from 1.8 million during the quarter ended September to 15.1 million during the period under review, breaking a trend where the volume of DDoS threats had been shrinking for two consecutive quarters.
DDoS is a form of cyberattack that involves flooding a target – a server or a web resource – with overwhelming traffic to make it inaccessible to the intended users.
The net effect leads to operational downtimes for businesses and could result in brand reputational damage and financial losses due to drops in legitimate traffic.
The CA notes that the escalated threats came at a period that was marked by an overall growth across sub-sectors within the telecommunications industry, driven hugely by heightened activity during the festive season.
Other threat types whose volumes grew during the period include web application attacks, system vulnerabilities as well as mobile application attacks recording 29 percent, 28.9 percent and 17.4 percent surges respectively.
The overall cyber landscape witnessed a 27.2 percent rise in susceptibility, with total threats detected rising to 840.9 million up from 661.2 million during the quarter ended September.
“The total number of cyber threats detected during the quarter increased by 27.2 percent to 840.9 million. In response to cyber threat events detected, the National KE-CIRT/CC issued 11.6 million advisories marking 20.9 percent increase compared to last quarter,” wrote CA.
The National KE-CIRT/CC (National Kenya Computer Incident Response Coordination Centre) is a multi-agency framework that acts as Kenya’s national cybersecurity point of contact, charged with coordinating response and managing cyber security incidents across the country.
The CA has also recently sounded alarm over rising proliferation of Artificial Intelligence (AI)-enabled cyberattacks, saying cybercriminals are increasingly utilising the technology to enhance their attack capabilities such as automating sophisticated phishing schemes and AI-driven malware.
Elsewhere, a recent Global Cybersecurity Outlook 2025 published by the World Economic Forum (WEF) indicated that supply chain vulnerabilities powered by rising geopolitical turmoil as well as new-age tech concepts like AI are among factors set to present fresh complexities in policing the global cyberspace and waylaying threats this year.
The forecast noted that escalating geopolitical tensions are contributing to a more uncertain environment and affecting the perception of risks, with increased integration of and dependence on more complex supply chains leading to a more opaque and unpredictable risk landscape.
“Cybersecurity is entering an era of unprecedented complexity. Geopolitical tensions are intensifying, new technologies are emerging at a breakneck speed and threats are evolving into ever more sophisticated attack vendors,” wrote WEF.
“At the same time, expanding regulatory demands, vulnerabilities in interwoven supply chains, and a widening cyber skills gap are compounding the challenges organisations face in staying secure. The stakes have never been higher.”
