Cybercrime incidents targeting Kenyans more than tripled to 2.5 billion in the three months to March 2025, threatening online security and economic stability as criminals now target key sectors of the economy.
The Computer Incident Response Team (KE-CIRT), a unit at the Communications Authority of Kenya (CA), detected 2.538 billion threats, a 202 percent increase from the 840.9 million recorded in the quarter to December 2024.
This is the highest number of threats ever recorded by the unit in a single quarter, and comes as cybercriminals become more sophisticated amid weak safeguards by entities in the country.
“Inadequate patching of systems, low user awareness of various threat vectors, including phishing and other forms of social engineering attacks, and the increasing use of AI-driven attacks and machine learning technologies are among the reasons for the rise in cyber threats that have been detected,” said the unit in a new report.
System attacks have remained the most prevalent threat recorded in the country, rising 228 percent to 2.47 billion in the quarter to March 2025, as criminals sought to compromise systems used in critical sectors.
System attacks are threats that attempt to compromise the confidentiality, integrity and availability of computer systems or the data they process. They exploit vulnerabilities in computer software and hardware or human behaviour to execute the attacks.
“Attackers primarily leaked user login credentials and exploited vulnerabilities in outdated operating systems. The continued prevalence of system vulnerabilities can be attributed to the proliferation of inherently insecure Internet of Things (IoT) devices,” said CIRT.
During the period, as was the case last year, attacks mostly targeted internet service providers, cloud service providers and companies operating in the healthcare sector.
“System attacks targeted the critical information infrastructure sector, which holds sensitive data such as financial information. The objectives of these attacks were to disrupt, compromise, and sabotage essential systems and services on a large scale.”
Other types of attacks, including distributed denial of service (DDoS), mobile application, brute force, web application, and malware attacks, also surged during the period.
In the January-March quarter, the country recorded one of the worst breaches in history when the Business Registration Services was attacked and a trove of sensitive company data was stolen.