Kenya Airports Authority (KAA) has confirmed that it suffered a cyberattack by the notorious hacking group Medusa, according to NTV. While KAA claims that no sensitive data was stolen, the attack resulted in the leakage of procurement plans, physical plans, site surveys, invoices, and receipts. The incident underscores the growing threat of cybercrime in Kenya, with Communication Authority data indicating that the number of cyber threats more than doubled in the financial year 2021-2022.
What Happened in the KAA Data Breach?
According to an anonymous KAA official who spoke to NTV, the cyberattack occurred back in February 2023. The hackers reportedly used the identity card and passport of one of KAA’s engineers to gain access to the Authority’s network. The attack did not have a significant financial or operational impact, and KAA claims that no sensitive data was stolen. However, the attackers released 514 GB of data, including procurement plans, physical plans, site surveys, invoices, and receipts, on the internet. The hackers also demanded a ransom, but KAA did not engage with them.
The leaked data has been posted on multiple websites and some Telegram channels.
The ease with which the attackers gained access to KAA’s network raises questions about how secure the network is. For such an Authority, there should be better ways to prevent such incidents from happening.
Who is Medusa?
Medusa is a notorious hacking group that has been active since 2021. The group uses a combination of AES and RSA encryption algorithms to lock up data, making it challenging to recover without paying a ransom. Medusa has been linked to other high-profile cyberattacks, including an attack on Minneapolis Public Schools (MPS), a complex of public schools located in the Minneapolis School District. The group went silent after a series of attacks, only to resurface in 2023.
Implications for Cybersecurity in Kenya
The KAA data breach highlights the growing threat of cybercrime in Kenya. According to Communication Authority data, the number of cyber threats more than doubled in the financial year 2021-2022. The increase in threats can be attributed to an increase in internet users, which creates a larger pool of targets for online criminals. As more Kenyans go online, it is essential to strengthen cybersecurity measures to protect against cyberattacks.
One way to enhance cybersecurity in Kenya is by increasing awareness about the risks of cybercrime. Many people in Kenya are still unaware of the dangers of cybercrime, which makes them more vulnerable to attacks. By educating the public about the risks of cybercrime and the measures they can take to protect themselves, we can reduce the number of successful cyberattacks.
Many organizations in Kenya do not have adequate cybersecurity measures in place, which makes them more vulnerable to attacks. By investing in cybersecurity infrastructure, organizations can better protect themselves against cyberattacks and reduce the impact of successful attacks.
It’s also important to provide training and education to employees on how to identify and avoid common cyber threats. With employees being the weakest links when it comes to cyber threats, educating them is a very important step.