Kenya's cybersecurity concerns on the rise

The fastest growing threat is anonymous proxy servers, according to a new report

Cybersecurity incidents in Kenya are on the rise, owing to infrastructure growth and increased demand for connectivity in rural and urban areas, according to the most recent annual cybersecurity report from the Telecommunications Service Providers of Kenya (TESPOK).

Botnet attacks, cyberespionage, online and mobile banking fraud and anonymous proxy server attacks are some of the main threats identified by the recently published report.

The survey found that in 2013 the number of cyberattacks detected in Kenya rose by 108 percent to 5.4 million.

"The trends captured in this report are similar in many ways to global trends reported in other regions all over the world; for example, the challenges of Domain Name System (DNS) attacks and Distributed Denial of Service (DDoS) are a continuous threat globally," said Paula Kigen, associate director for the Centre for Informatics Research and Innovation (CIRI) at the United States International University in Nairobi.

Kigen, one of the report's authors, pointed out that Kenya is still grappling with malware and botnets that have been successfully put under control in other regions of the world.

The fastest growing threat is anonymous proxy servers, according to the report. A total of 290,000 attacks originating from anonymous proxy servers were detected last year, compared to 50,000 similar attacks in 2012.

The report identified malicious Kenyan IP addresses on top ISPs like Telkom Orange, Jamii Telecom, Safaricom, and Access Kenya among others. The report also said that 20 of the top ISPs in the country were used for malware hosting, bot activity, DNS and proxy attacks, but declined to name the ISPs. TESPOK draws membership from the country's ISPS.

Online and mobile banking fraud is a bit unique to Kenya, given the extensive use of mobile money services as more banks seek to provide innovative solutions.

"Out of 33 banks sampled, only 2 banks had client-side encryption implemented," the report said. "This means that for the remainder of the banks, a sniffer on a customer or end user PC network will reveal the user's password in plain text; it should also be noted that the SSL encryption used on the various bank sites are not well implemented, meaning that they can be easily circumvented in order to perform man-in-the-middle attacks."

Kenya has 13 million Internet users, according to statistics from the Communications Commission of Kenya. Most people access banking services via their mobile phones. Fraudsters have found a way to exploit individuals, banks and merchants that use mobile money as a payment option.

The report notes that there has been increased security measures at the individual and enterprise level but faults the current Computer Emergency Response Team mechanism, currently hosted by the CCK, for not leading cyber security efforts.

"Kenya needs to have a definitive incident response team and active Computer Emergency Response Team (CERT) to help the country recover in the event of a large-scale coordinated cyber-attack," the report said. "The possibilities of such an attack are high and concerns of our preparation to address such a threat are not unfounded."

The survey does not highlight reports that some terrorist attacks have been carried out after mobile networks were jammed. For example, networks were reportedly jammed on Monday during the attack by Al Shabab militants in Lamu, in the coastal area.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon