Kenya records 842 million cyber threats as AI-powered attacks escalate

Kenya’s digital space is facing mounting pressure from tech-savvy hackers who are increasingly using artificial intelligence (AI) to launch more sophisticated cyberattacks, new data from the Communications Authority of Kenya (CA) reveals.
The country recorded 842.3 million cyber threat detections between July and September 2025, a 28 per cent increase compared to 657.8 million incidents logged over the same period last year.
The Authority says the jump reflects a new wave of aggressive attacks targeting both public and private networks as criminals exploit system weaknesses and poor cyber hygiene to breach sensitive infrastructure.
Despite the country recording fewer attacks than the previous quarter, the overall threat level remains high, driven by unpatched systems, user complacency, and the fast adoption of cloud-based technologies.
“The detected cyber threats can be attributed to several factors, including inadequate system patching, limited user awareness of threat vectors such as phishing and other social engineering techniques, as well as the growing adoption of AI-driven attacks and machine learning technologies by malicious actors,” the Authority said in its latest quarterly update.
In response, the CA said it has stepped up dissemination of cyber advisories to key sectors managing critical information infrastructure, including government, financial institutions, and telecommunications companies.
The move aims to curb data breaches, service interruptions, and loss of information integrity.
System-based intrusions remained the most common type of attack during the quarter, accounting for 776.5 million incidents or about 83 per cent of total detections.
These breaches were mainly aimed at compromising essential computer systems, exploiting vulnerabilities in operating software, and manipulating users to gain unauthorised access to data.
The Authority added that misconfigured cloud services, weak application programming interfaces (APIs), and default security settings continue to leave many organisations exposed.
“Misconfigurations in cloud services, APIs, and default settings continued to be a major factor in breaches and data exposure, as the speed of cloud adoption left many gaps in secure configuration hygiene,” the report stated.
Other attack types reported during the period included distributed denial-of-service (DDoS) incidents, malware campaigns, brute-force attempts, and intrusions on web and mobile applications.
According to the CA, ransomware operations have become more complex, with attackers now combining data encryption, theft, and blackmail to target critical service providers and financial systems.