From July to September of this year, Kenya witnessed important developments in its cybersecurity environment. The National KE-CIRT/CC detected 842 million cyberthreats, which is an 81% drop from the previous quarter.
At the same time, the center issued 19.9 million advisories, a 15% increase, to guide organizations in protecting their systems.

The increase in advisories shows a focus on prevention and preparation. Organizations were encouraged to regularly update their software, use strong passwords and multi-factor authentication, and set up firewalls and antivirus programs correctly.
Users were also advised to practice good cyber hygiene to reduce the risk of phishing and other online attacks.
Main Threats and Trends
System vulnerabilities and malware attacks were the most common cyberthreats in Q3 2025. Other cybersecurity threats included web application attacks, brute force attempts, DDoS attacks, and mobile app exploits.
System attacks accounted for over 776 million incidents, representing most of the threats. Malware attempts rose to 31.6 million, while web application attacks decreased to 10.4 million but still targeted government systems and ISPs, often exploiting weak databases, login credentials, and outdated SSL/TLS setups.

Brute force attacks reached 18.8 million, mainly affecting cloud providers and government systems.
Attackers targeted login pages, database servers, remote access systems, mail servers, and content management platforms, often using weak passwords or misconfigured RDP to gain access.
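As an added illustration of how a defender can spot the login-page and remote-access brute-force activity described above, the following Python script (written for this page, not KE-CIRT/CC's tooling) parses OpenSSH-style authentication log lines and raises an alert when one source address accumulates a threshold of failed logins inside a sliding time window. The log lines, IP addresses and the year used for timestamps are constructed assumptions; the same sliding-window logic applies to RDP, mail or web login failures once they are parsed into the same event shape.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log (syslog/OpenSSH format); not real data.
# 198.51.100.7 fails six times in nine seconds against several accounts,
# 203.0.113.9 is a user who mistypes once, 192.0.2.25 fails slowly
# (every 15 minutes) against a single account.
SAMPLE_LOG = """\
Sep 12 08:00:01 gw sshd[2101]: Failed password for invalid user admin from 198.51.100.7 port 51012 ssh2
Sep 12 08:00:03 gw sshd[2103]: Failed password for invalid user admin from 198.51.100.7 port 51013 ssh2
Sep 12 08:00:04 gw sshd[2105]: Failed password for root from 198.51.100.7 port 51014 ssh2
Sep 12 08:00:06 gw sshd[2107]: Failed password for root from 198.51.100.7 port 51015 ssh2
Sep 12 08:00:09 gw sshd[2109]: Failed password for invalid user test from 198.51.100.7 port 51016 ssh2
Sep 12 08:00:10 gw sshd[2111]: Failed password for invalid user oracle from 198.51.100.7 port 51017 ssh2
Sep 12 08:01:30 gw sshd[2120]: Failed password for alice from 203.0.113.9 port 40001 ssh2
Sep 12 08:01:45 gw sshd[2122]: Accepted password for alice from 203.0.113.9 port 40002 ssh2
Sep 12 09:30:00 gw sshd[2200]: Failed password for bob from 192.0.2.25 port 33001 ssh2
Sep 12 09:45:00 gw sshd[2201]: Failed password for bob from 192.0.2.25 port 33002 ssh2
Sep 12 10:00:00 gw sshd[2202]: Failed password for bob from 192.0.2.25 port 33003 ssh2
Sep 12 10:15:00 gw sshd[2203]: Failed password for bob from 192.0.2.25 port 33004 ssh2
Sep 12 10:30:00 gw sshd[2204]: Failed password for bob from 192.0.2.25 port 33005 ssh2
Sep 12 10:45:00 gw sshd[2205]: Failed password for bob from 192.0.2.25 port 33006 ssh2
"""

LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

# Syslog timestamps carry no year; this value is an assumption for the sample.
LOG_YEAR = 2025


def parse_line(line):
    """Turn one auth log line into an event dict, or None if it is not a login event."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "failed": m["result"] == "Failed",
            "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(lines, threshold=5, window_seconds=300):
    """Return one alert per source IP whose failed logins reach `threshold`
    within any sliding window of `window_seconds`. Successful logins and
    slow, spread-out failures do not count toward the window."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> (timestamp, username) of recent failures
    alerts = {}                   # ip -> alert, first trigger only (avoids alert storms)
    for line in lines:
        ev = parse_line(line)
        if ev is None or not ev["failed"]:
            continue
        q = recent[ev["ip"]]
        q.append((ev["ts"], ev["user"]))
        # Evict failures that have aged out of the sliding window.
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold and ev["ip"] not in alerts:
            users = sorted({u for _, u in q})
            alerts[ev["ip"]] = {
                "ip": ev["ip"],
                "failures": len(q),
                "users": users,
                # Many accounts from one source looks like password spraying;
                # one account hammered repeatedly looks like a targeted guess.
                "kind": "spray" if len(users) > 1 else "targeted",
                "first": q[0][0],
                "last": ev["ts"],
            }
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(f"{alert['ip']}: {alert['failures']} failures "
              f"({alert['kind']}) on {alert['users']} "
              f"between {alert['first']:%H:%M:%S} and {alert['last']:%H:%M:%S}")
```

With the default five failures in five minutes only 198.51.100.7 is reported; widening the window to a few hours also surfaces the slow attempts from 192.0.2.25, which is the trade-off a detection engineer tunes between catching low-and-slow guessing and flagging ordinary users who mistype a password.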
DDoS attacks totaled 4.7 million and mostly aimed to disrupt public services.
ISPs, cloud services, and healthcare organizations were frequently targeted. Attackers exploited stolen credentials, outdated systems, malicious links, and zero-day vulnerabilities.
KE-CIRT/CC advised organizations to set up DDoS detection, configure firewalls properly, use strong passwords, and keep software updated to reduce the risk of being used in botnets.
Malware and Web Application Attacks
Malware attacks mainly targeted sensitive systems to steal information, install backdoors, or encrypt files.
Web application attacks focused on government systems and ISPs, trying to compromise databases, disrupt services, or access sensitive information.

Attackers often exploited outdated software, weak APIs, serverless misconfigurations, and unpatched SSL/TLS protocols.
Some of the most exploited vulnerabilities included:
- SharePoint-Deser (CVE-2025-53770): Exploited for remote code execution (RCE).
- Chrome-ANGLE-Esc (CVE-2025-6558): Used for browser sandbox escape.
- Citrix-NetScaler-Overflow (CVE-2025-7775): Led to memory overflow and persistent backdoors.
- FortiWeb-SQLi (CVE-2025-25257): Enabled SQL injection attacks.
- CodeIgniter-CmdInj (CVE-2025-54418): Allowed arbitrary command execution on affected systems.
Even though overall cyberthreats dropped, Kenya’s critical systems remain at risk. Malware, system attacks, brute force, and DDoS continue to target government agencies, cloud providers, ISPs, and healthcare sectors.
KE-CIRT/CC recommends regular updates, strong passwords, multi-factor authentication, firewall management, and user awareness programs to reduce risk and protect key services.