Read time: 3 minutes

Kenya cyber attacks growing in sophistication; prevention is key

Johannesburg , 01 Dec 2016

The recent hacking of Kenya's Government in November 2016 has highlighted the increasing attacks in the country and placed a spotlight on the vulnerabilities and losses both government and online businesses are facing.

It's not only the frequency of the cyber attacks happening in Kenya at the moment, but also the size and sophistication of these assaults that government and business need to face up to.

The recent hacking of Kenya's Government in November 2016 has highlighted the increasing attacks in the country and placed a spotlight on the vulnerabilities and losses both government and online businesses are facing - about USD146m every year according to a recent cyber security report on Kenya.

This is in particular attributed to the fact that the country has shown a major increase in web-connected devices.

"Kenya and its surrounding countries has continuously attracted nefarious activities by cyber criminals, and the proliferation in distributed denial-of-service (DDoS) attacks in the region is today as much a reality as it is globally," says Bryan Hamman, territory manager for sub-Saharan Africa at Arbor Networks, the world's leading provider of DDoS protection in the enterprise, carrier and mobile market segments, according to Infonetics Research.

According to Paul Roy Owino, president of Information Technology, Security and Assurance (ISACA), Kenya currently records up to 3,000 cyber-related crimes per month, these include banking fraud, money transfer (M-pesa), to interference with personal data by hackers.

Reports following the latest major government attack state that local cyber security experts in Kenya are warning of the need to regulate Internet use and management as a national security issue.

Mark Campbell, consulting engineer for sub-Saharan Africa, points out that it is especially Kenya's growing financial, telecommunication and manufacturing sectors that are becoming popular targets for cybercrime.

"From a wider security standpoint, one of the greatest threats organisations still encounter is social engineering, which is a method used by threat actors to trick people into giving up confidential information. This is especially prevalent in the financial industry where fraudsters use social engineering to insert themselves into financial transactions using phishing, online forms, hijacked DNS sessions, SMS and USSD services.

"In addition, cyber threats have become a real concern amongst industrial automation and control systems, especially in the current Internet of Things (IoT) era. Attacks on industrial systems are often acted out for monetary, competitive, political or even social gain," he says.

Campbell also highlights that many IoT devices run on open source operating systems (OS) – mainly as this is cheaper to develop, thus making it more affordable with a short time to market.

"However, the result is that the code is poorly written with numerous security vulnerabilities. Of course the majority of users do not have the time, patience or expertise to test these for vulnerabilities, making many IoT devices – including our home appliances – a threat actors' dream. For example, I had some home IP cameras that had the telnet protocol open by default, with hardcoded and very easy to guess username/password, yet I couldn't find a new version of software for them. Even if I did, could I trust it? What's to say that a hacker hasn't targeting that ‘security unaware' vendor? If that vendors' online, upgrade code could be compromised, the attacker has an ‘Internet worth of Things' he can command and control," notes Campbell.

Hamman adds that for the majority of Kenyan private businesses, the most imminent threat today is that their online service is disrupted.

"As any online business knows, your competitor is just one click away and if your site is not available you cannot trade. E-commerce sites thus need to be vigilant at all times to protect their availability and profit," he says. "Cybercrimes in these instances are most often motivated by financial gain, exploitation of individuals/ brands, and for competitive reasons."

Although government sites are generally not built solely for commerce, Hamman warns that often when cyber criminals take sites offline – be they public or private –they do so as a smokescreen for more devious behaviour. "Whilst site owners are distracted by their website being down, cyber criminals use this shift in focus to create a more threatening and targeted DDoS attack on the company or institution with the purpose of infiltrating the network and holding the victims to ransom for money or political motivations, or to steal valuable data and intelligence, such as flight plans for private or military planes, amongst others," he explains.

Hamman stresses that companies are also still constantly hit by point of sale (PoS) attacks, with the physical skimmers of the past now having evolved into malware in PoS systems, that steal and exfiltrate confidential and sensitive information.

"Even as organisations realise both the monetary and reputational threat a security breach can create, seeking an ‘all-in-one-box' that automatically takes care of every factor of security simply does not exist. Security is a multi-layer problem that needs to be addressed as such and CIOs can never assume that a security project has been completed and can now be filed away. Security is a continuous and ongoing process," continues Hamman.

"Most importantly, an organisation needs to have pervasive visibility across its fixed, mobile and cloud-based network feeding into a threat management solution. Security teams need to focus on conversations happening across the network. Whilst an end-point and perimeter security solution is good to have, it can be compromised and manipulated by attackers. The only common point and primary information source that is to be trusted is the network and the traffic flowing across it, only this tells the whole story," says Campbell.

"Also, when under attack, every second counts. You can't be caught on the back foot. Preparation is thus key and organisations need to have people, policies and processes in place so that actionable intelligence and a practiced workflow to investigate a breach are kicked off immediately. Information sharing via computer emergency response teams (CERTs) is therefore of importance as often there are targeted campaigns against certain sectors or methods are the same."

Hamman ends by warning CIOs that they should never assume that a single breach or compromise was it and that it is over. "A DDoS attack is almost always part of a wider strategy. For this reason, the right tools must be in place to understand the breadth and scope of breach. An attacked firm can't just rebuild compromised hosts or servers, as breaches are generally part of a coordinated and well-orchestrated plan. Complex attacks, are on the rise."

For more information about Arbor products and solutions in Africa, please contact Bryan Hamman at

Read more
Daily newsletter