In a recent wave of cyberattacks, Kenyan websites belonging to government agencies, media outlets, hospitals, universities, and major banks have been targeted by a Sudanese hacktivist group claiming to be acting on behalf of the Sudanese regime. The hacktivist group, known as Anonymous Sudan, has taken responsibility for these Distributed Denial-of-Service (DDoS) attacks, which temporarily disrupted the websites and services, causing inconvenience to users.
DDoS Attacks and Their Impact
A Distributed Denial-of-Service (DDoS) attack is a cyberattack where the attacker floods the servers of a website, online service, or connected device with an overwhelming amount of internet traffic, making it inaccessible to legitimate users. In this case, Anonymous Sudan targeted various critical sectors in Kenya, including government services like eCitizen, media, finance, healthcare, and education.
The Sudanese hackers are attacking our systems, and our tech guys are just chilling. Why can't the government invest in these guys?
So far, they're boasting of attacking the e-citizen portal, Kenya Power, M-pesa & claim to have stolen passports. Are our data in this country… pic.twitter.com/8YLEYxX0pU
— Kevin T (@kevinFult) July 27, 2023
Reasons Behind the Attacks
Anonymous Sudan claimed that their cyber offensive was triggered by a viral video showing a Sudanese general allegedly taunting Kenya’s president. The group accused Kenya of undermining the sovereignty of the Sudanese government, escalating tensions between the two nations.
At the time of writing this article, no official statements have been released by the affected companies, including Safaricom and Kenya Power. The sole confirmation regarding the cyberattack comes from Kenya’s ICT Cabinet Secretary, Eliud Owalo.
He acknowledged that the Ecitizen platform, a government service hosting essential functions such as visa applications and business registration, has indeed fallen victim to a hacking attempt. However, in an effort to offer a glimmer of relief, Owalo asserted that no sensitive data was accessed during the breach.
CS OWALO: There was a cyber attack on the eCitizen platform but no data was accessed or lost.
Cabinet Secretary, Ministry of Information, Communication and the Digital Economy, Eliud Owalo, in #TheSituationRoom
.@EliudOwalo @MoICTKenya pic.twitter.com/aLoziZYdzB
— SpiceFM (@SpiceFMKE) July 27, 2023
African States’ Vulnerability to Cyber Attacks
African countries, including Kenya, face vulnerabilities in cyberspace due to limited offensive and defensive cyber capabilities. In a recent report by Liquid C2, Kenyan businesses reported an 82% increase in cyber attacks in 2022. The report covered South Africa and Zambia and also highlighted that over half of all large enterprises in the three countries were victims of a successful cyber attack, with 90% of them being Kenyan businesses.
The continent’s growing digital economy has attracted the attention of hackers and digital crime groups. Many African nations lack adequate cyber protections, making them susceptible to cyberattacks from foreign hackers. The situation is exacerbated by a reliance on foreign actors for critical information and cybersecurity support.
Digitization of Government Services: A Double-Edged Sword
Kenya, under President William Ruto’s administration, has been actively digitizing government services to enhance efficiency and accessibility. We also saw the state launch the country’s first fully fledged online university and library. However, this digital transformation also exposes new vulnerabilities, as evidenced by the recent DDoS attacks. While digitization can improve public services, it must be accompanied by robust cybersecurity measures to safeguard against cyber threats.
The Urgent Need for Proactive Cybersecurity Measures
The recent cyberattacks on Kenyan websites underscore the pressing need for African states to prioritize cybersecurity. Governments and organizations must invest in enhancing their cyber maturity and defensive cyber capabilities. By developing domestic cybersecurity expertise and adopting proactive security measures, African nations can better protect their critical infrastructure and data.
Collaboration between African nations is essential in combating cyber threats. Establishing regional and continental frameworks for sharing cybersecurity intelligence and best practices can significantly bolster Africa’s collective resilience against cyberattacks.
Conclusion
As Africa’s digital economy continues to grow, so does the threat of cyberattacks. The recent cyber attacks by the Sudanese hacktivist group in Kenya serve as a wake-up call for governments, businesses, and individuals to prioritize cybersecurity measures. Investing in cybersecurity and fostering collaboration among African nations will be crucial in safeguarding the continent’s digital future and protecting vital services from malicious actors.
