
Kenya’s National Computer Incident Response Team – Coordination Centre (KE-CIRT/CC) has reported an alarming rise in cyber threats, with over 4.5 billion incidents detected between April and June 2025.
The figure marks an 80.7% increase compared to the previous quarter, underscoring the country’s growing exposure to sophisticated cyberattacks.
The surge was attributed to unpatched systems, limited user awareness, and the growing use of AI-driven attack methods. Threat actors also increasingly leveraged Internet of Things (IoT) devices and botnets to scale attacks across critical infrastructure sectors.
The data shows sharp contrasts across different attack categories:
- System Attacks: 4.49 billion incidents, up 81.86% from the previous quarter.
- Malware Attacks: 47.4 million incidents, up 93.07%.
- Web Application Attacks: 12.7 million incidents, up 150.78%.
- Mobile Application Attacks: 189,004 incidents, up 177.69%.
- DDoS Attacks: 13 million incidents, up 255.56%.
- Brute Force Attacks: 20.9 million incidents, down 38.01%.
In response, KE-CIRT/CC issued more than 17.2 million cyber threat advisories, a 30.55% increase compared to the previous reporting period. These advisories emphasized patching outdated systems, deploying multi-factor authentication, and enhancing firewall and antivirus protections.
The Authority also noted that critical sectors—including internet service providers, cloud service providers, healthcare, and government institutions—remained primary targets. Top exploits included vulnerabilities in WordPress plugins, SAP NetWeaver, Apache Tomcat, and Windows Common Log File System (CLFS), with ransomware and credential theft tactics persisting as key threats.
KE-CIRT/CC stressed that without greater investment in modern infrastructure and stronger cyber hygiene practices, organizations risk further exposure to AI-powered intrusions, data breaches, and service disruptions.
“In alignment with the 2023–2027 Strategic Plan, the Authority remains steadfast in its efforts to advance cyber safety and security through the promotion of industry best practices, enhancement of threat detection and response capabilities, and continued public awareness and capacity building initiatives in collaboration with key sector stakeholders,” said Mr. David Mugonyi, Director General/CEO, Communications Authority of Kenya (CA).
In that regard, Kenya’s central bank is establishing a cybersecurity operations centre for the banking sector.