A review of cyber security attack trends in Kenya

The COVID 19 pandemic led to a situation where Kenyan institutions were forced to embrace remote learning, remote working and e-commerce services. These basically led to an upsurge in financial cyber activity and with it came an upsurge in cybercrime. This paper conducted a review of available secondary data on cyber attacks in Kenya with the aim of identifying the most popular trends embraced by attackers while perpetrating cyber-attacks on financial institutions and their clients. The paper was also able to obtain a ranking of the most popular trends associated with attacks within the Kenyan cyber space.


Introduction
The comprehension of the term cybersecurity can only be made possible if we are able to first understanding the term from which it is coined, cyberspace. The widespread interconnectivity of digital technology is what is popularly referred to as Cyberspace. Cyberspace can be viewed to be just a hypothetical environment in which computer networks are communication enablers. The use of the term Cyberspace gained popularity in the 1990s intellectual property, financial data, personal information, or other types of data for which unauthorized access or exposure could have negative repercussions.

Cyber Security Breaches
Cyber security is a subset of information security which in turn has its own goals as far as implementing security is concerned. The goals however are universal in nature, focusing on the three objectives confidentiality; integrity; and availability, and are simply cascaded downwards and implemented at a cybersecurity level. It is on that basis that we look at the overall Information Security goals and how they apply to cybersecurity.
While considering breaches in cyber security one needs to put into consideration the following: who and where the attacker is; and what the attacker is trying to achieve, that is, what is the attack model that belongs to the threat.
Different attackers will have different capabilities and also have different goals. Examples of cyber security breaches that maybe manifested during the perpetration of an attack may include but not be limited to: (i) XSS: Cross site scripting attacks occurs when an attacker uses a web application to send malicious actions. It allows the attacker to take control of the victim's browser and obtain information on the user via the browser.
(ii) SQL Injection: makes it possible for an attacker to bypass security measures and execute malicious SQL statements, Where an attacker waits for a victim to initiate a query on the database and then modifies the SQL query to return additional results, not requested for by the victim, to the user.
(iii) Session Hijacking: where by an attacker steals a session id through the cookies or through a Trojan horse.
During a session hijacking, a malicious hacker places himself/herself in between your computer and the website's server while you are engaged in an active session. He or she then actively monitors everything that happens on your account, and may even eject you from the session and take control of it.
(iv) IP spoofing: Creating a false IP address for the purpose of impersonating another network node.
(v) Eavesdropping: access to content while it is on transmission (vi) DNS spoofing: exploiting weaknesses in the domain name server to divert traffic away from legitimate servers and direct them towards fake ones (Sitelock, 2019)

Methods and materials
The research relied heavily on secondary data to perform a comparative analysis of common cyber security attacks frequencies and trends in Kenya and more specifically in relation to financial transactions.
The advent of mobile money due to the ability to link mobile telephony via telcos to banks has led to a highly digitalized Kenyan economy, data from the Central bank of Kenya indicates that mobile money transactions in Kenya jumped 52 percent to Sh3.26 trillion in the six months to June 2021. This in turn has led to an increase in cyber-attacks on players and their clients within the industry.
In its quarterly sector statistics report covering July-September 2020 the Communication Authority of Kenya reported 35.1 million cyber threats in the country, a rise of 152.9%. The report also indicated a rise in child online abuse, online abuse and online fraud with this being mainly attributed to working remote and an uptake on ecommerce thanks mainly to the COVID-19 Situation.