Spying on banking activities, user credentials theft and mining cryptocurrency details were key targets by cyber criminals in Kenya in July, according to a report.
According to American-Israeli multinational-Check Point, Qbot was the most prevalent malware during the month with an impact of 22.41 per cent, followed by Coinloader with an impact of 8.62 per cent and LokiBot with an impact of 6.90 per cent.
Kenya remains among countries highly exposed to cybercrime, with a recent attack on the government platform-eCitizen and major downtime on financial platforms putting the country on high alert.
A malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorised access to information , deprive access to information, or which unknowingly interferes with the user's computer security and privacy.
Qbot, also known as Qakbot is a multipurpose malware that first appeared in 2008.
It was designed to steal a user’s credentials, record keystrokes, steal cookies from browsers, spy on banking activities, and deploy additional malware.
Often distributed via spam email, Qbot employs several anti-virtual machine (VM), anti-debugging and anti-sandbox techniques to hinder analysis and evade detection.
Commencing in 2022, it emerged as one of the most prevalent Trojans- any malware that misleads users of its true intent by disguising itself as a standard program.
Coinloader malware is a type of malicious software designed to infiltrate computer systems and load additional payloads, often related to cryptocurrency mining or other cybercriminal activities.
It typically spreads through malicious email attachments, exploit kits, or compromised websites.
LokiBot, first identified in February 2016, is a commodity info-stealer with versions for both the Windows and Android operating system.
It harvests credentials from a variety of applications, web browsers, email clients and IT administration tools.
“Last month, utilities remained in first place as the most exploited industry in Africa, followed by transportation and retail or wholesale,” the report by Check Point reads in part.
The firms is a provider of software and combined hardware and software products for IT security, including network security, endpoint security, cloud security, mobile security, data security and security management.
It comes at a time when both the public and private sectors are experiencing a high rate of Distributed Denial of Service (DDoS) attacks, used to overwhelm a target website with fake traffic.
A fortnight ago, ICT and Digital Economy CS Eliud Owalo confirmed that there was a hack on the government services platform eCitizen, but no data was lost.
"What they did is they tried jamming the system by making more than ordinary requests into the system...It started by slowing down the system, but we were able to address it. No data has been accessed, no data has been lost ," the CS told assured the country.
Latest Communication Authority data indicates total cyber threats detected in the third quarter of the last financial year were more than 187.7 million, down from 249.9 million in the quarter ended December 2022.
DDoS and web application attacks were among the highest.
Data from Kaspersky Security Network shows Nigeria, currently ranked 50th worldwide for online threats, South Africa at position 82, and Kenya at 35, have increasingly become focal points for cyber threats.
"Criminal attacks are mainly driven by the pursuit of financial profit, whereas advanced attacks indicate how cyber threat actors continually adapt their tactics and tools to breach security measures,” said Amin Hasbini, head of the Global Research and Analysis Team (GReAT) for META, at Kaspersky.
A significant portion of the attacks witnessed across Africa, he said, are shaped by the rapidly changing geopolitical landscape.
However, a growing concern is that cybercriminals are learning from successful advanced attacks to refine their craft.
In the first quarter of 2023, Kaspersky reported that backdoor and spyware attacks were the most common threat types in South Africa, amassing to 106,000 attack attempts.
Similar attacks attempts were observed in Nigeria, totalling 46,000, while the same type of attacks peaked at 143,000 in Kenya.
However, in Kenya, exploits emerged as the most dominant form of attack with 177,000 incidents blocked.