The Communications Authority of Kenya (CA), through the National Computer Incident Response Team Coordination Center (National KE-CIRT/CC), has issued a cybercrime warning and an advisory on supply chain risks in using third-party software.

According to CA, the advisory aims help ICT users make informed and risk-free decisions on their product choices by engaging cybersecurity experts. The regulatory body says cyber criminals are now mostly using third-party software to deliver threats to unsuspecting users, in an attempt to compromise their personal data.

Christopher K. Kemei, CA Director General comments, “Though Kenya has not been adversely affected by such attacks as at now, the trend depicts a serious concern in cybercrime management and thus a precaution should be taken when dealing with outsourced products and personnel.”

Kemei says a supply chain attack, also called a value-chain or third-party attack, occurs when someone infiltrates a system through an outside partner who validly has access to the systems and data.

Cyber criminals target a bank

In a recent cyber crime incident, hackers breached systems belonging to the National Bank of Kenya and made away with Ksh 29 million. The bank recently confirmed the incident on 17 January, through a statement on its twitter handle.

“The amount of attempted fraud is about Ksh 29 million and we are confident we will recover most of that money,” read the statement.

The bank also confirmed that security are in pursuit of the fraudsters and investigations are ongoing.

The National Bank also stated that customer accounts had not been affected and refuted social media claims that over Ksh 340 million had been lost.

Sanjay Vaid, Director of Cyber Security and Risk at Wipro, said the introduction of omni-channel platforms such as online banking, eCommerce platforms, mobile applications (both banking and for mobile purchasing, as well as non-banking platforms such as the blockchain), requires broader, more effective security measures to be implemented.

Vaid says ransomware and malware have caused issues on a global scale. “However the banking sector been besieged by all manner of cyber crime since the dawn of digital banking. As the business of banking is centred around the handling and transacting of money on various scales, banks and their customers are often considered soft targets for cybercriminals looking to make a quick buck.”