Creators of fake news and messages are having a field day as countries continue to face different forms of cyber attacks. Kenya is estimated to have lost more than Sh20 billion to cybercrime fraudsters last year, with ransomware and fake news being the latest forms hackers are using to fleece individuals and businesses, especially commercial banks. Here are some of the cyber crimes Kenya is battling with, according to Africa Cyber Bullying Report 2017 and Communications Authority of Kenya Annual Report
1. Cyber bullying
An online gaming challenge was allegedly responsible for the suicide of a 16-year-old boy in Kamukunji area, Nairobi. Called the Blue Whale Challenge, the online game is an example of an evolved cyber bullying mechanism targeting vulnerable teenagers.
The game assigns daily tasks for 50 days, thereafter encouraging the user to commit suicide. It is an international problem pitting online games developers, content regulators and teenagers against each other.
It is a social problem that is proving too hard for the community to handle. Other games of such nature are: RapeLay, Manhunt 2, Bully, Tom Clancy’s Ghost Recon Advanced Warfighter 2 and Postal 2.
2. Mobile and internet-related services
As online services grow, with more than half of bank customers using internet banking and three quarters using mobile banking, attackers are now leveraging these platforms to steal money from customers.
Last year, several attacks reported indicated that hackers used dormant accounts to channel huge sums of money from banks. Majority of the attackers also leveraged the no-limit vulnerability present in most internet banking systems to channel out money.
Central Bank of Kenya said in its annual supervision report for 2016 that fraud in computer, mobile and Internet banking was on the rise based on cases reported to the Banking Fraud and Investigation Department.
Phishing is one of the attacks that leverages the inadequacies of humans and remains worryingly effective. Kaspersky Lab products blocked 51 million attempts to open a phishing page early last year.
During the year, a wave of unprecedented cyber attacks swept across the globe, with over 350 companies and hundreds of thousands of computers in 152 countries affected. Over 20 per cent of these attacks targeted banks and other credit and financial organisations.
Computer forensics and data recovery company East Africa Data Handlers said it had received 14 cases of servers that had been affected by the ransomware. Among these clients are two multinationals, which had the entire 15-year data manipulated and lost.
4. Pyramid Schemes
The infamous Ponzi schemes made a comeback with a bang last year, more smarter and faceless. They prowled the anarchic cyber-world, sucking in thousands of gullible Kenyans with the promise of easy cash.
One such pyramid scheme was Public likes which cost Kenyans roughly Sh2 trillion. Public Likes was a website on which users earned money merely by clicking on “adverts”.
This site, which described itself as “social media marketing,” purported to connect advertisers with potential customers. Users of the site get paid by simply clicking on the adverts or Paid-to-click (PTC).
The money they receive is allegedly payment made by advertisers for every click, or what is known as Pay per Click (PPC). These schemes rely on a constant flow of new investments to continue to provide returns to older investors.
5. Fake news
Prevalence of fake or false news is on the rise in Kenya. About 90 per cent of Kenyans have seen or heard false news about the 2017 General Election, with 87 per cent reporting instances of deliberately false – or fake – news.
Last year, media platforms were overwhelmed by rogue politics, misinformation and dubious claims. From videos of post-election violence to news about politicians who had defected from their political parties.
The real impact of the growing interest in fake news has been the realisation that the public might not be well-equipped to tell the difference between true and false information.
6. Malware attacks
The number these attacks in the country were far beyond any other kind of cybercrime reported during the 2015/2016 period, according to Communications Authority of Kenya.
The regulator’s annual report indicates that there were 80 per cent reported cases of malware attacks in the previous year followed by 18 per cent for brute force attacks while web application attacks accounted for an insignificant two per cent of the cases reported to the Kenya Computer Incident Response Team – Co-ordination Centre.
7. Identity theft
This is one of the leading scheme bank fraudsters are using to steal money from banks or customers after the adoption of EMV (Europay, Mastercard and VISA) enabled ATMs in 2013.
Fraud data in the banking sector, has remained a challenge as banks shy away from reporting the amounts they lose, making it difficult to tackle the challenge.
Most banks would rather report the case for investigation and avoid making public amounts lost which could be efforts to protect their image.
Apart from getting customers’ information, the biggest challenge also remains compromised bank staff who collude with fraudsters by accessing key systems.
8. Social engineering
It is defined as the unauthorised acquisition of sensitive information or inappropriate access privileges by a potential threat source, based on the building of an inappropriate trust relationship with a legitimate user of an ICT system. The objective is to trick someone through deception into providing valuable information or access to that information.
9. Data exfiltration
Also sometimes referred to as data extrusion, data exportation, or data theft, it is the unauthorised transfer of sensitive information from a target’s network to a location which a threat actor controls.
Because data routinely moves in and out of networked enterprises, data exfiltrated can closely resemble normal network traffic, making detection of exfiltration attempts challenging for IT security groups.
10. Child pornography
One unforeseen consequence of the rise of the internet has been an explosion in the illicit trade of child sexual abuse images and videos.
Child pornography has become particularly problematic, especially with the rise of the Internet and its users, and the victims depicted in images of child pornography. The world is now coming to the realisation that the only way to fight this heinous crime is to have effective law, and Kenya has not been left behind.