
Kenya cyber threats up 28pc as criminals deploy AI tools



The number of cyberattacks detected against Kenyan institutions rose 28 per cent in the three months to September 2025 compared to a similar period last year, pointing to renewed aggression by cybercriminals exploiting artificial intelligence (AI) to automate and scale attacks on critical information infrastructure.

Analysis of fresh data released by the Communications Authority of Kenya (CA) shows that detected threats increased to 842.3 million during the quarter under review, up from 657.8 million recorded during the period between July and September last year.

The rise comes despite an overall quarterly slowdown from the April-June period when the country experienced an unprecedented spike in cyber threat activity.


The CA attributes the continued high volumes to persistent system vulnerabilities and the rapid integration of cloud-based technologies across public and private systems.

"The detected cyber threats can be attributed to several factors, including inadequate system patching, limited user awareness of threat vectors such as phishing and other social engineering techniques, as well as the growing adoption of AI-driven attacks and machine learning technologies by malicious actors," wrote the Authority in its latest sector release.

"The Authority continued to enhance the dissemination of cyber threat advisories to critical information infrastructure sectors as part of its proactive response to the evolving cyber threat landscape."

System attacks remained the most prevalent form of intrusion during the period, accounting for 776.5 million incidents, or about 83 per cent of the total detections, as criminals sought to compromise systems used in critical sectors such as finance, telecommunications, government, and academia.


This type of attack attempts to breach the confidentiality, integrity, and availability of computer systems or the data they process. The intrusions exploit vulnerabilities in operating systems, software applications, and user behaviour to gain access to sensitive information or disrupt services.

"Misconfigurations in cloud services, APIs, and default settings continued to be a major factor in breaches and data exposure, as the speed of cloud adoption left many gaps in secure configuration hygiene," noted the CA.

Other categories of attack that featured prominently included distributed denial of service, assaults on web and mobile applications, brute-force attempts, and malware campaigns.

The Authority said ransomware operators increasingly combined encryption, data theft, and extortion in multi-stage attacks targeting essential services and financial systems.
