State, cloud services top targets as hacker attempts at a record high
The most targeted government and cloud providers’ systems in 2025 included login pages, database servers, remote access systems, cloud service providers, mail servers, and content management systems (CMS).
Kenya’s government and cloud service providers are facing a sharp rise in brute-force cyberattacks, revealing growing threats to the country’s critical digital infrastructure as organisations shift more services to cloud platforms and remote access systems.
Brute-force attacks involve persistent, automated trial-and-error guessing of login credentials, passwords, or encryption keys until the correct combination is found.
New data from the Communications Authority of Kenya (CA) shows that the method saw a 127.4 percent increase to 42.8 million attempts during the three months to December 2025, from 18.8 million in the previous quarter.
It is the highest number of brute-force attack attempts recorded in Kenya in the past year, highlighting growing threats to the country’s critical digital infrastructure as it positions itself as a regional technology hub with a ‘cloud-first’ approach for public services.
“These attacks targeted cloud service providers and government systems, with threat actors focusing primarily on database servers and user authentication credentials,” said the CA.
Cloud infrastructure offers virtual integration of hardware and software components, such as servers, storage, networking, and management tools, to deliver cloud computing services over the internet with pay-as-you-go pricing, replacing the need for on-premises data centres.
Kenya’s Cloud Policy requires public institutions to prioritise cloud services over traditional systems. Local businesses, especially SMEs and technology startups, have also been adopting cloud computing.
The CA says cyber attackers focused largely on database servers and user authentication credentials, exploiting weaknesses such as insecure login details, poorly configured remote access systems, and vulnerabilities in database infrastructure.
“Exploitation commonly occurred through weaknesses in database infrastructure, insecure login credentials, and misconfigured Remote Desktop Protocol configurations, enabling unauthorised access to critical systems,” said the regulator.
The regulator recorded 33.8 million attack attempts between January and March 2025, followed by 20.9 million between April and June, and 18.8 million between July and September.
The most targeted government and cloud providers’ systems last year included login pages, database servers, remote access systems, cloud service providers, mail servers, and content management systems (CMS).
However, the list of targets expanded in the last quarter to include user accounts, virtual private network (VPN) access, point-of-sale systems, and content delivery networks, indicating broader attempts to penetrate organisational and State networks.
As more organisations adopt remote working arrangements, the CA data shows cybercriminals increasingly target internet-connected devices and remote systems, exploiting exposed network switch ports and poorly secured remote working tools.
“These attacks were largely enabled by compromised credentials, lack of multifactor authentication, and expanded remote working,” the watchdog said. Attackers typically aim to gain unauthorised remote access and escalate privileges within networks, added the CA.
Privilege escalation involves increasing access rights within a network, moving from a standard user to a high-level administrator, or accessing peer-level accounts.
Cloud infrastructure has traditionally been provided by global tech giants like Amazon Web Services (AWS), Microsoft, and Google. Some businesses, however, have opted for locally hosted IT infrastructure due to competitive pricing, lower network latency, and access to locally based technical support.
But cybersecurity experts say that the growing reliance on cloud services, remote working tools, and interconnected devices is expanding the attack surface for hackers, increasing the need for stronger cyber defences across both State and private-sector systems.
Recommended measures include strong password policies, access management controls, regular security patches, and updates to vulnerable software.