The number of malware attacks in the country exceeded and were far beyond any other kind of cybercrime reported during the 2015/2016 period according to the Communications Authority of Kenya’s (CA) annual report for the same period.
The regulator’s annual report indicates that there were 80% reported cases of malware attacks in the previous year followed by 18% for brute force attacks while web application attacks accounted for an insignificant 2% of the cases reported to the Kenya Computer Incident Response Team – Coordination Centre (National KE-CIRT/CC).
The National KE-CIRT/CC was established to mitigate the effects of cyber-crime activity in the country in line with Kenya’s ICT Sector Policy, KICA and the National Cybersecurity Strategy.
The body is a multi-government agency collaboration formed to expedite responses to cyber-attacks and coordinate resolution of cybercrime activities and is thus Kenya’s “trusted point of contact for coordinating response to cyber-attacks and remediation of cyber-security incidents.”
“The National KE-CIRT/CC detected, resolved and prevented various cyber-crimes that included: cases of malware attacks, brute force attacks, web attacks, social media abuse and impersonation, website defacement, denial of service attacks, hacking of email accounts,” states the CA in its Annual Report.
Based on the reports from the affected parties, the National KE-CIRT/CC sent out advisories and alerts to the National KE-CIRT/CC Cyber-Security Committee (NKCC) constituents which then strengthened trust networks at the national, regional and international level.
“The National KE-CIRT/CC continued to collaborate with law enforcement agencies, the financial sector, the telecommunication industry, academia, public utility companies and critical infrastructure service providers. The collaboration builds synergy in the prevention of cyber security incidents, thus stimulating rapid response, and the promotion of information sharing among members and the community at large,” the report notes.
Apart of its mandate to implement measures aimed at eliminating the use of counterfeit communications devices by enabling consumers verify the authenticity of their devices using Short Code 1555, the CA received a total of 111,508 International Mobile Equipment Identity (IMEI) requests from mobile service subscribers at the end of 2015/16 Financial Year.
Looking at the figures released, from the figure above, it appears the requests have come down significantly from 2013 to 2016. For example, whereas the number of requests where the IMEI was not found has reduced from almost 1.5 million requests 2013/14 to just about 12,000 in the 2015/16 period. In 2013/14 period, the number of requests where the IMEI number was less than the standard 15 digits was over 3.6 million but in the last financial year, this had reduced to less than 30,000.
The number of requests where the IMEI number was found also decreased from about 11 million in 2013/14 period to just over 70,000 in the past year while the overall total number of requests has declined from almost 16 million in 2013/14 financial year to just over 111,000 in the past year according to the CA’s latest Annual Report.