The Communications Authority of Kenya's National KE-CIRT/CC recorded over 842 million cyber threat events between July and September 2025, representing an 81.64 decrease compared to the previous quarter. During the same period, the Authority issued 19,951,546 cyber threat advisories, a 15.53 increase from April-June 2025. The majority of detected threats were linked to inadequate system patching, limited user awareness of social engineering tactics, and the increasing use of AI and machine learning by malicious actors. The advisories emphasized regular patching, implementation of Multi-Factor Authentication MFA, strong password policies, and properly configured firewalls and antivirus software.
Globally, the cybersecurity landscape remained heightened and increasingly sophisticated. Threats were largely driven by ransomware, Distributed Denial-of-Service DDoS attacks, and social engineering, often leveraging AI, large language models, and deepfakes. Critical Information Infrastructure CII across sectors such as e-government, ICT and telecommunications, and banking and finance continued to be prime targets. Emerging risks included Advanced Persistent Threats APTs, supply chain attacks, and exploitation of zero-day vulnerabilities. The National KE-CIRT/CC observed a strong alignment between global and national cyber threat tactics, techniques, and procedures TTPs.
In Kenya, the most prevalent threat vectors were System Attacks, with 776,542,757 incidents detected, followed by Malware Attacks 31,676,444 and Brute Force Attacks 18,811,738. Despite this, the most frequent advisories were issued for Web Application Attacks 9,357,296 and System Attacks 7,456,782. Key targets included end-user devices, Internet of Things IoT devices, web applications, and networking devices. The industries most affected were Internet Service Providers ISPs, cloud service providers, government institutions, and academia.
