Cyber threats shift focus as 46 million credential attacks recorded

Technology · Maureen Kinyanjui ·

A new cybersecurity report has revealed a steep rise in attempts to break into online systems in Kenya, with attackers increasingly relying on repeated login attempts to gain access.

The Communications Authority of Kenya (CA) says 46.38 million such incidents were detected in the three months to March, underlining growing risks as more services move online.

The latest data shows an increase from 42.8 million cases reported in the previous quarter, marking an 8.4 percent rise. The attacks involve criminals trying different combinations of usernames, passwords, or encryption keys until they succeed, a method commonly referred to as brute-force attacks. Over a 12-month period, the number of these threats has now exceeded 128.8 million.

The CA notes that the attacks are increasingly aimed at sensitive systems, especially those tied to cloud platforms and government operations. Criminals are focusing on database systems and login frameworks, often exploiting weak passwords, outdated software, and poorly set up remote access channels.

After gaining access, attackers extract personal or financial information, plant harmful programs such as ransomware, or take control of systems to launch further operations.

“Over the period, attackers increasingly targeted IoT (internet of things) devices and remotely accessible systems through exposed Telnet ports, misconfigured RDP services and vulnerable libssh versions,” the CA said in its latest cybersecurity report.

The rise in these incidents comes despite a drop of 26.15 percent in the total number of cyber threats recorded compared to the last quarter of 2025. This indicates a shift towards fewer but more deliberate and sustained attacks.

The findings come at a time when Kenya is accelerating its transition to digital services and positioning itself as a key technology centre in the region. A cloud-first policy now requires public institutions to prioritise internet-based systems over traditional infrastructure.

At the same time, the financial sector is feeling the impact of cybercrime. Data shows that banks lost a record Sh1.59 billion in 2024 due to cyber-related incidents. Fraud linked to mobile banking saw losses rise sharply to Sh810.68 million from Sh182.41 million the year before, reflecting a 344 percent jump.

Card fraud also recorded a steep increase, costing customers Sh263.29 million compared to Sh15.59 million previously. Losses from computer-related fraud reached Sh203.39 million, while identity theft cases grew to Sh199.08 million. Online banking fraud rose slightly to Sh111.83 million, and internet scams led to losses of Sh6.07 million.

Cloud computing, which allows organisations to access digital services such as storage and software remotely, is gaining ground among both public agencies and private firms. While global providers like Amazon Web Services, Microsoft, and Google dominate the sector, some local businesses are turning to domestic providers due to lower costs and quicker support.

Even so, the expansion of interconnected systems, alongside the rise of remote working, is widening the entry points for attackers. Once inside a network, criminals often move across systems to gain higher access levels, a tactic known as privilege escalation.

“These attacks were largely enabled by compromised credentials, lack of multifactor authentication and expanded remote working, with the objective of gaining unauthorised remote access and escalating privileges,” the communications watchdog said.

Kenya has experienced several major cyber incidents in recent years. In November, multiple government websites, including those of State House, the Immigration Department, and the Directorate of Criminal Investigations, were defaced with extremist messages.

In July 2023, the eCitizen platform was also taken over, disrupting thousands of public services, although the government said no data was lost in either case.

The CA attributes the growing threat to weak system updates, limited user awareness of online scams such as phishing, and the increasing use of advanced technologies by cybercriminals to refine their methods.
