Anonymous Sudan launches DDoS attacks on Kenya
East Africa’s largest economy – Kenya – is on high alert after suffering a massive cyber-attack, which disrupted parts of the public sector and financial services.
The attack, which was revealed yesterday, prompted the government to call upon the private sector to work with the public sector to heighten cyber surveillance efforts.
The recently launched e-Citizen platform, Kenya Power and Lighting Company, Kenya Railways, Safaricom, Absa Bank, KCB and Standard Chartered Bank were among the reported victims of the attack.
Anonymous Sudan, an outfit of cybercriminals operating in Sudan, has claimed responsibility.
The attack on e-Citizen comes a few weeks after its launch by President William Ruto. It allows Kenyans to access over 5 000 government services online.
In a statement, Kenya’s ICT ministry, announced the attack but said data was safe and the government is on track to fixing the problem.
The government said cyber criminals used distributed denial-of-service techniques to attack the various assets.
ICT Cabinet Secretary Eliud Owalo said: "Technical teams blocked the source IP address where the requests were emanating from. For clarity, both the privacy and security of data were not compromised. The system was not hacked.
"As a consequence of the attack efforts, the system has been experiencing intermittent interruptions, which are affecting the normal speed of accessing services on the platform. These attempts have, however, been rebuffed by the security systems and applications in place.
"The relevant government of Kenya agencies are on high alert and have enhanced the security of the e-Citizen portal and all government services sites. All systems and portals under the control of the government of Kenya are safe.
"The government will continue its cyber surveillance efforts and encourages the public and private sectors to heighten their cyber surveillance efforts so that, jointly, we secure Kenya's cyberspace.
"To the public, we encourage reporting of all cyber security incidents to The National Kenya Computer Incident Response Coordination Centre."
The attack on Kenya comes on the back of multiple recent warnings by experts that African countries have increasingly become focal points for cyber threats.
The continent features prominently in the global top 100 for online threats, with Kenya ranked 35th, Nigeria 50th and South Africa 82nd, according to the latest data from the Kaspersky Security Network.
In the first quarter of 2023, Kaspersky reported that backdoor and spyware attacks were the most common threat types in South Africa, amassing 106,000 attack attempts.
Similar attack attempts were observed in Nigeria, totaling 46,000, while the same attacks peaked at 143,000 in Kenya.
The latest cyber security report by Liquid C2, 'The Evolving Cyber Security Landscape in Africa 2022', notes that cyber-attacks on businesses in Kenya, South Africa, and Zambia increased last year.
It says Kenyan businesses reported an 82% increase in such attacks, while South African enterprises recorded a 62% increase, and Zambian businesses a 62% surge.
Last month, at the ITWeb’s 18th annual Security Summit in Johannesburg, experts unpacked the latest developments in cyber security threats and how to counteract them.
The conference heard how the cyber security sector is battling a very dynamic environment and collaborative efforts to re-think strategies are needed to cushion the sector from emerging shocks.