In 2019, a bank in Upper Hill Nairobi was visited by cyber criminals. Customers literally saw alerts of withdrawals from their accounts. Before the financial institution could realize, Silent Cards—a group of cyber criminals believed to have orchestrated the heist—had carted away KES 400 Mn (over USD 3 Mn). Nevertheless, that is just one of the numerous Kenyan cyber attacks that have made the country the easiest target in Africa.
CCTV cameras, tight security in financial halls and the new sophistication of physical banking in some parts have made it difficult for armed robbers to pay financial halls visits.
The real theft, however, now occurs over the internet. Last year, Africa lost an estimated USD 3.5 Bn to cyber attacks. Nigeria lost the most (USD 649 Mn), followed by Kenya, with USD 210 Mn.
Nevertheless, a new study by Kaspersky suggests that Kenya is now Africa’s easiest target for cyber gangs. According to the report, the East African country accounted for more than 1 out of every 2 million online attacks in the continent.
This turn in tide occurs as cyber criminals leverage on coronavirus-presented distortions to gain authorized access to devices and networks across Africa.
Kaspersky’s quarter 2 report indicates that Kenya experienced more than half a million phishing attacks. It comes second to South Africa, which recorded 616,666 spam and phishing attacks.
Meanwhile, Egypt accounted for 492,532, and Nigeria had 299,426. The East African nations of Rwanda and Ethiopia got 68,931 and 31,585 attacks, respectively.
In Q2 2020, when the pandemic’s effects were felt most across the world, phishers doubled down to target their attacks mostly on smaller companies.
By forging emails and websites from firms whose products/services could be bought, they were able to get the attention of unsuspecting victims. They also reinvented old schemes to make them relevant to the current agenda.
In The Crosshairs
Between October and December 2019, the cyber intelligence unit of the Communications Authority of Kenya detected nothing less than 37.1 million cases of cyber threats.
This figure offers a 47.3 percent jump from what was recorded in the previous quarter. A 2018 report (PDF) by IT services consultancy firm Serianu shows that over 90 percent of cybercrime cases go unreported.
Kenya has never successfully prosecuted or jailed a single cyber fraudster. For one, the police have limited resources to investigation the crimes. As such, arrests are far between and much less systematic.
Even if one is apprehended, the penalties are found to be usually too lenient compared to what is obtainable elsewhere. Because of this inefficiency, the rampance of Kenyan cyber attacks has been blamed on the nation’s legal system.
Case in point, Reuben Kirongothi alongside three other suspects were found guilty of hacking the country’s Judiciary finance systems. The gang fraudulently requested the National Treasury to pay KES 80 Mn to unfounded firms which supplied air in January 2019.
Kirongothi, the ring leader, did not turn up in court. A month before, the same hacker was arrested for leading a 12-man team that hit a Rwandan bank.
Other cases worth millions are either still under investigation or have been declared inconclusive. The judicial system’s slowness in dishing out verdicts for such frauds is perhaps encouraging more attempts.
The result is: at least one bank in Kenya is hit by hackers every month. However, hundreds of these Kenyan cyber attacks are successfully repulsed.