The Kenyan cybersecurity landscape is facing a significant challenge as the number of cyberattacks has skyrocketed by over 500 per cent in the past year, according to the Communications Authority of Kenya (CA).
Data from the National Kenya Computer Incident Response Team Coordination Centre (National KE-CIRT/CC) reveals a staggering 971,440,345 cyberattacks targeting Kenya between January and March 2024.
This marks a stark increase compared to the 187,757,659 threats detected during the same period in 2023.
This rapid rise coincides with Kenya's growing digital economy, highlighting a concerning trend.
However, the true cause for alarm lies in the evolution of cybercrime tactics. The CA warns of a disturbing shift towards AI-powered attacks.
Read More
Cybercriminals are leveraging artificial intelligence to enhance their social engineering strategies, propagate malware more effectively, and compromise critical infrastructure.
"AI-powered attacks are far more intricate," explains the CA. "They bypass traditional security measures through sophisticated social engineering techniques and by exploiting zero-day vulnerabilities."
These attacks can involve creating deepfakes to impersonate executives or crafting highly personalized phishing emails, making them significantly harder to identify.
Furthermore, the CA emphasizes the use of AI for automation within cyberattacks.
This allows criminals to launch attacks with greater speed and wider reach.
AI facilitates the rapid identification of targets, deployment of malware, and exfiltration of data.
"We are also seeing AI being used to develop new types of malware that can learn and adapt to security defences," warns the CA.
These self-replicating and mutating malware strains pose a serious challenge, as they become progressively harder to contain and eradicate.
The report further reveals that criminals are developing "adversarial AI" specifically designed to target and defeat AI-powered security systems.
The vast majority (90 per cent) of detected attacks during the quarter were classified as system attacks.
The remaining attacks included distributed denial of service (DDoS), malware deployment, brute force attacks, and attempts to exploit vulnerabilities in web and mobile applications.
The CA highlights the ongoing exploitation of system vulnerabilities, aligning with global trends. This is attributed to the widespread adoption of inherently insecure Internet of Things (IoT) devices.
These findings underscore the urgent need for Kenyan institutions and individuals to bolster their cybersecurity defences in the face of this evolving threat landscape.