News

Online Abuse in Kenya Up by 1155%, Kenyan Companies Still Use Dumb Passwords – Report

October 16, 2018

The Communications Authority of Kenya recently released their Q1 2018 Sector Statistics Report and it has some interesting tidbits.

First is the section about the National Cyber Threat Landscape. The National KE-CIRT/CC detected over 7.9 million cyber threats, which was a 25% drop compared to the previous quarter.

The most interesting tidbit under the various list of cyber threats detected is the rise of online abuse in the time frame the data was collected. According to CA, online abuse has increased by 1155% compared to last quarter (1757 cases vs 140) which is quite significant.

During this quarter, the National KE-CIRT/CC validated and escalated 3,488 cases, of which online abuse took the lions share (1737 cases) up from 99 last quarter. This was a 1654.5% increase. According to them, online abuse means ‘online fraud, hate speech, incitement to violence and fake news.’

The other forms of attacks showed varied percentages of decrease or increase when compared to the quarters. Malware was down by 27.8%, Web application attacks was up by almost 2%, botnet attacks were down by 36%, system misconfiguration was down by 5% and online impersonations were down by a massive 77%.

The report also revealed the top most targeted service ports when unscrupulous identities targeted file sharing, web services or voice over IP (VoIP) applications. This includes:

Port 445 which is Microsoft Directory Services that is used for sharing files in Windows
Port 80 (HTTP)
Port 5060 (Session Initiation Protocol) that is used for signaling and controlling multimedia sessions like VoIP and Chat
Port 22 (Secure Shell) that is used for securely connecting to remote machines on the same or different network
Port 23 (Telnet) that allows a user on one computer to log onto another computer on the same or different network.

The other bit of news is about the common username and passwords used in brute force attacks. It is surprising such basic passwords and usernames are being used by a majority of software and hardware vendors

Here are the top usernames and passwords and their total number of instances.

Usernames

root (2011)
user (1141)
usuario (81)
test (51)
guest (46)
ftpuser (40)
support (31)
postfix (26)
postgres (25)
hadoop (20)

Passwords

admin (209)
1234 (165)
password (197)
12345 (143)
Root (97)
Ubnt (102)
123456 (138)
default (99)
0000 (102)
admin123 (73)

Online Abuse in Kenya Up by 1155%, Kenyan Companies Still Use Dumb Passwords – Report

1 COMMENT

MasterCard, Opay Partner to Intro Bank Independent Virtual Payment Solution

Investment Platform Hisa Joins NVIDIA Inception Program to Bump Automated Investing

Huawei Announces A Bunch Of Wearable Devices That Could Make Their Way To Kenya

These Kenyan Podcasts Are Worth Checking Out

Kenyan Startups Invited To Apply For Cash And Mentorship From Google

Safaricom’s Joseph Wanjohi Takes Over Kris Senanu’s Role In Acting Capacity

Chief Enterprise Business Officer Kris Senanu Leaves Safaricom

Law Proposes Tracing SIM Registration Agents and Limit On SIM Cards For One Person

Airtel Kenya Fixes Downtime Affecting Airtel Money, Utility App

Draft Interconnection Regulations 2022 Give Telcos Leeway To Negotiate Termination Fees

Windows KB5013943 Update Is Causing Blue Screen of Death Via Sophos Antivirus

Twiga Foods Ventures Into Commercial Farming