Password, username attacks surge to 46m cases
Sasra has instructed Saccos to deploy 24-hour cyber-security monitoring systems, backed by dedicated response teams capable of detecting and neutralising threats in real time.
The use of trial-and-error to guess login credentials such as usernames and passwords to steal sensitive data or cash surged to 46.38 million attacks in Kenya in the three months to March, as the country shifts to cloud-based services.
The Communications Authority of Kenya (CA) said cases of persistent guessing of login credentials or encryption keys until the correct combination is found, technically called brute-force cyberattacks, increased 8.4 percent from the 42.8 million recorded in the previous quarter.
These cases are increasingly targeting critical information infrastructure such as cloud service providers and government systems, the watchdog said. The latest figure marks the highest number of brute-force attacks Kenya has ever recorded in a single quarter and brings the total of such threats detected over the past year to more than 128.8 million.
Attackers are primarily targeting database servers and user authentication systems, exploiting weak credentials, unpatched systems, and misconfigured remote access services.
The criminals then steal personal or financial information from databases and emails, deploy malware or ransomware, and hijack systems for further attacks.
“Over the period, attackers increasingly targeted IoT (internet of things) devices and remotely accessible systems through exposed Telnet ports, misconfigured RDP services and vulnerable libssh versions,” the CA said in its latest cybersecurity report.
The spike in the attacks comes as the overall number of cyber threat events declined by 26.15 per cent compared to the October–December 2025 period, suggesting a shift by criminals to more focused and persistent attack methods.
It also comes as Kenya positions itself as a regional technology hub and adopts a ‘cloud-first’ strategy for the delivery of public services.
Hackers stole a record Sh1.59 billion from Kenyan banks in 2024 in an attack that highlights the risk of cyber heists in the wake of heavy investment in tech and mobile banking.
Cyberthieves stole Sh810.68 million last year, from Sh182.41 million a year earlier, through mobile banking, representing a jump of 344 percent.
The disclosure shows that the theft of customer deposits has grown fourfold from Sh412 million in 2023 due to fraudulent wire-transfer requests.
CBK data showed card fraud cost customers Sh263.29 million, being 16.9 times the Sh15.59 million lost in the prior year.
Computer fraud, which includes hacking into systems to steal data, saw bank customers lose Sh203.39 million, a 2.7 times jump from the preceding year, while fraud through identity theft grew six times to Sh199.08 million.
The review period saw online banking fraud rise to Sh111.83 million from Sh106.2 million, while internet scams cost lenders Sh6.07 million, up from Sh797,7000 in the prior year.
Cloud infrastructure offers virtual integration of hardware and software components such as servers, storage, networking, and management tools, to deliver cloud computing services over the internet with pay-as-you-go pricing, replacing the need for on-premises data centres.
Kenya’s Cloud Policy requires public institutions to prioritise cloud services over traditional systems. Local businesses, especially SMEs and technology startups, have also been adopting cloud computing.
Cloud infrastructure has traditionally been provided by global tech giants such as Amazon Web Services (AWS), Microsoft, and Google. Some businesses, however, have opted for locally hosted IT infrastructure due to competitive pricing, lower network latency, and access to locally based technical support.
But experts say the growing reliance on interconnected systems, alongside increased adoption of remote working in companies and government offices, is expanding the attack surface for cyber criminals, particularly in sectors handling sensitive data.
Cybercriminals use the initial entry into an organisation’s system to steal credentials, pivot within the network for higher privileges, and sometimes cause financial fraud. Privilege escalation involves increasing access rights within a network, moving from a standard user to a high-level administrator, or accessing peer-level accounts.
“These attacks were largely enabled by compromised credentials, lack of multifactor authentication and expanded remote working, with the objective of gaining unauthorised remote access and escalating privileges,” the communications watchdog said.
High-profile cyberattacks recorded in the country include one last November, when dozens of Kenyan government websites, including the State House, Immigration Department, and the Directorate of Criminal Investigations, were defaced with extremist messages.
In July 2023, the State’s eCitizen platform was taken over by cybercriminals, paralysing access to more than 5,000 government services from ministries, county governments and agencies.
The government in both cases said no data was lost during the attacks.
According to the CA, the broader cyber threat landscape is driven by inadequate system patching, low user awareness of phishing and social engineering tactics, and the rising use of artificial intelligence and machine learning tools by malicious actors.