Kenya records 842 million cyber threats as AI-powered attacks escalate
Kenya’s digital space is facing mounting pressure from tech-savvy hackers who are increasingly using artificial intelligence (AI) to launch more sophisticated cyberattacks, new data from the Communications Authority of Kenya (CA) reveals.
The country recorded 842.3 million cyber threat detections between July and September 2025, a 28 per cent increase compared to 657.8 million incidents logged over the same period last year.
The Authority says the jump reflects a new wave of aggressive attacks targeting both public and private networks as criminals exploit system weaknesses and poor cyber hygiene to breach sensitive infrastructure.
Despite the country recording fewer attacks than the previous quarter, the overall threat level remains high, driven by unpatched systems, user complacency, and the fast adoption of cloud-based technologies.
“The detected cyber threats can be attributed to several factors, including inadequate system patching, limited user awareness of threat vectors such as phishing and other social engineering techniques, as well as the growing adoption of AI-driven attacks and machine learning technologies by malicious actors,” the Authority said in its latest quarterly update.
In response, the CA said it has stepped up dissemination of cyber advisories to key sectors managing critical information infrastructure, including government, financial institutions, and telecommunications companies.
The move aims to curb data breaches, service interruptions, and loss of information integrity.
System-based intrusions remained the most common type of attack during the quarter, accounting for 776.5 million incidents or about 83 per cent of total detections.
These breaches were mainly aimed at compromising essential computer systems, exploiting vulnerabilities in operating software, and manipulating users to gain unauthorised access to data.
The Authority added that misconfigured cloud services, weak application programming interfaces (APIs), and default security settings continue to leave many organisations exposed.
“Misconfigurations in cloud services, APIs, and default settings continued to be a major factor in breaches and data exposure, as the speed of cloud adoption left many gaps in secure configuration hygiene,” the report stated.
Other attack types reported during the period included distributed denial-of-service (DDoS) incidents, malware campaigns, brute-force attempts, and intrusions on web and mobile applications.
According to the CA, ransomware operations have become more complex, with attackers now combining data encryption, theft, and blackmail to target critical service providers and financial systems.