Cybersecurity threats in Kenya have reached unprecedented levels. According to data released by the National KE-CIRT/CC, the country recorded over 4.5 billion cyber threat events in just three months, between October and December 2025. This represents a 441.27% increase over the previous quarter, signaling a rapidly escalating cyber risk environment affecting government institutions, businesses, and individual users alike.
This article examines the current cyber attack trends in Kenya, the most prevalent attack vectors, and the key drivers behind this surge, based on official national data and observed threat patterns.
Overview of Cyber Threat Activity in Kenya
Between October and December 2025, KE-CIRT/CC detected a total of:
4,559,229,985 Cyber Threat Events
This explosive growth highlights:
Increased exploitation of vulnerable systems
Poor patch management
Low user awareness of phishing and social engineering
Rising use of AI-driven attack tools by threat actors
Cyber Threat Landscape: Total Cyber Threats Detected
Breakdown of Cyber Attacks by Vector
1. System Attacks: 4.37 Billion Events
System-level attacks dominated Kenya's threat landscape, accounting for over 95% of all detected events.
Key causes include:
Unpatched operating systems
Misconfigured servers and network devices
Continued reliance on deprecated systems
Weak access control policies
These attacks primarily target government systems, ISPs, financial institutions, and large enterprises.
2. Malware Attacks: 70.9 Million Events
Malware remains a major threat, driven by:
Trojans and botnet infections
Email-borne malware
Compromised websites distributing malicious payloads
Many infections originate from phishing campaigns and cybercrime-as-a-service (CaaS) platforms.
3. Distributed Denial of Service (DDoS): 58.3 Million Events
DDoS attacks continue to disrupt:
E-government services
Online banking platforms
Telecom and cloud infrastructure
Attackers increasingly use IoT botnets and rented DDoS services to overwhelm systems.
4. Brute Force Attacks: 42.7 Million Events
Brute force attacks largely targeted:
Web portals
VPNs
Email servers
The continued use of weak passwords and lack of multi-factor authentication (MFA) remains a key weakness.
5. Web Application Attacks: 11.5 Million Events
These attacks focused on:
SQL injection
Cross-site scripting (XSS)
Insecure APIs
Web apps developed without secure coding practices remain highly vulnerable.
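The two injection classes named above (SQL injection and cross-site scripting) come down to the same coding mistake: attacker-controlled input is concatenated into a query or an HTML page instead of being passed as data. The following is an added example, not code from the article or from KE-CIRT/CC, showing the vulnerable pattern next to its hardened form. The user table, the account `alice`, and the `login_*` / `render_greeting_*` function names are constructed for the demonstration.

```python
import html
import sqlite3


def build_db():
    """Constructed in-memory user table for the demonstration (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return conn


def login_vulnerable(conn, username, password):
    """Builds the SQL by string formatting, so quotes in the input change the
    statement itself. This is the pattern behind classic SQL injection."""
    query = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return conn.execute(query).fetchone() is not None


def login_hardened(conn, username, password):
    """Parameterized query: values travel separately from the statement, so
    input containing quotes or SQL keywords is compared literally."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def render_greeting_vulnerable(name):
    """Reflects the name into HTML unescaped: a script tag in `name` runs."""
    return f"<p>Welcome, {name}</p>"


def render_greeting_hardened(name):
    """Escapes <, >, &, and quotes so the browser renders the text as text."""
    return f"<p>Welcome, {html.escape(name, quote=True)}</p>"


def demo():
    """Runs a legitimate login and a tautology injection through both login
    functions, and an XSS payload through both renderers. Returns the outcomes
    so they can be checked rather than only printed."""
    conn = build_db()
    sqli_payload = "' OR '1'='1"  # turns the WHERE clause into a tautology
    xss_payload = "<script>alert(1)</script>"
    results = {
        "vuln_legit": login_vulnerable(conn, "alice", "correct-horse"),
        "vuln_inject": login_vulnerable(conn, "alice", sqli_payload),
        "hard_legit": login_hardened(conn, "alice", "correct-horse"),
        "hard_inject": login_hardened(conn, "alice", sqli_payload),
        "xss_vuln": render_greeting_vulnerable(xss_payload),
        "xss_hard": render_greeting_hardened(xss_payload),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the vulnerable login, the password `' OR '1'='1` authenticates without knowing the real password, because the generated statement reads `... AND password = '' OR '1'='1'`. The parameterized version treats the same string as a literal password and rejects it; likewise the escaped renderer emits `&lt;script&gt;` rather than a live tag.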
6. Mobile Application Attacks: 310,009 Events
Though smaller in volume, mobile attacks are growing steadily, especially targeting:
Mobile banking apps
Android-based enterprise tools
Cyber Attack Vector Trends: October to December 2025
Cyber Threat Advisories Issued
To counter the rising threats, KE-CIRT/CC issued:
21,815,814 Cyber Threat Advisories
This represents a 9.34% increase compared to the previous quarter.
Advisory Distribution by Attack Type:
Web Application Attacks: 10.16 million
System Attacks: 7.83 million
Brute Force Attacks: 1.88 million
DDoS Attacks: 1.33 million
Malware Attacks: 591,950
Mobile Application Threats: 6,140
These advisories were disseminated to critical information infrastructure (CII) sectors, including finance, healthcare, energy, transport, and government.
Key Drivers Behind the Surge in Cyber Attacks
Inadequate System Patching
Many organizations delay updates due to operational constraints, leaving exploitable vulnerabilities exposed.
Low Cyber Awareness
Phishing and social engineering attacks continue to succeed due to limited end-user training.
Default Credentials & Poor Password Policies
Default logins and password reuse remain widespread, enabling brute force and credential stuffing attacks.
AI-Enabled Threat Actors
Attackers are increasingly leveraging AI and automation to:
Scale attacks
Evade detection
Generate convincing phishing content
Recommended Cybersecurity Measures for Kenya
KE-CIRT/CC continues to emphasize the following defensive measures:
Regular system and application patching
Mandatory Multi-Factor Authentication (MFA)
Strong password and access control policies
Proper firewall and antivirus configuration
Continuous security monitoring and log analysis
Cybersecurity awareness training for users
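The brute force figures above (42.7 million events against web portals, VPNs and email servers) and the recommendation for continuous monitoring and log analysis meet in a simple detection: count failed logins per source address inside a sliding time window and flag addresses that cross a threshold. The block below is an added example, not code from the article or from KE-CIRT/CC. The log lines are constructed in an sshd-like format assumed for the demonstration; the addresses are documentation ranges, and the `detect_brute_force` function, its default threshold of 5 failures in 60 seconds, and the distinct-username count (which separates a password-spraying run from repeated attempts on one account) are all choices made here.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from any real system). Assumed line format:
#   <ISO timestamp> sshd[<pid>]: Failed|Accepted password for <user> from <ip>
SAMPLE_LOG = """\
2025-11-03T08:00:01 sshd[1201]: Failed password for admin from 203.0.113.7
2025-11-03T08:00:03 sshd[1201]: Failed password for admin from 203.0.113.7
2025-11-03T08:00:04 sshd[1201]: Failed password for root from 203.0.113.7
2025-11-03T08:00:06 sshd[1201]: Failed password for test from 203.0.113.7
2025-11-03T08:00:07 sshd[1201]: Failed password for ubuntu from 203.0.113.7
2025-11-03T08:00:09 sshd[1201]: Failed password for admin from 203.0.113.7
2025-11-03T08:00:10 sshd[1202]: Accepted password for alice from 198.51.100.20
2025-11-03T08:05:00 sshd[1203]: Failed password for bob from 198.51.100.21
2025-11-03T08:40:00 sshd[1203]: Failed password for bob from 198.51.100.21
2025-11-03T09:15:00 sshd[1203]: Failed password for bob from 198.51.100.21
2025-11-03T09:15:05 sshd[1203]: Accepted password for bob from 198.51.100.21
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not
    match the assumed format (so unrelated log noise is skipped, not crashed on)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "failed": m["result"] == "Failed",
        "user": m["user"],
        "ip": m["ip"],
    }


def detect_brute_force(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag each source IP the first time it reaches `threshold` failed logins
    within any sliding `window`. Each alert records how many distinct usernames
    the IP had tried, which distinguishes spraying from a single-account attack."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    users = defaultdict(set)      # ip -> usernames attempted
    alerts = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or not ev["failed"]:
            continue
        ip = ev["ip"]
        q = recent[ip]
        q.append(ev["ts"])
        users[ip].add(ev["user"])
        # Drop failures that have aged out of the window.
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold and ip not in alerts:
            alerts[ip] = {
                "failures_in_window": len(q),
                "distinct_users": len(users[ip]),
                "first_seen": q[0].isoformat(),
                "flagged_at": ev["ts"].isoformat(),
            }
    return alerts


if __name__ == "__main__":
    for ip, info in detect_brute_force(SAMPLE_LOG).items():
        print(ip, info)
```

On the sample, 203.0.113.7 is flagged at its fifth failure (08:00:07) after trying four different usernames in six seconds, while 198.51.100.21, whose three failures are spread over more than an hour, never accumulates five inside the window and is not flagged at the defaults. Tuning the threshold and window to the service matters: a VPN gateway and a public web portal see very different legitimate failure rates, and the same counting logic applies to web-server access logs once the parser is adapted to their format.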