Kenya Cyber Security Report 2015
Top Local Network Threats & Vulnerabilities

Missing Patches: 50%
Use of Obsolete Database, OS and Applications Versions: 20%
Web Server Misconfigurations: 15%
Use of Default Credentials: 11%
OPEN SMTP Relay Threat: 4%

Missing Patches

A patch is a piece of software designed to update a computer program or its supporting data, to fix a vulnerability or improve the program's functionality and performance. Missing software patches account for a majority of the Denial of Service and Remote Code Execution attacks Serianu identified in 2015. The majority of these organisations lack a patch management policy guiding them through the patching process.

Use of Obsolete Database, OS and Applications Versions

An obsolete version is one that is no longer supported by the vendor. The use of such systems therefore makes exploitation easy for attackers, since newly discovered vulnerabilities are not patched by the vendor. Some local organisations are using obsolete versions of MySQL and MSSQL databases as well as legacy operating systems such as Microsoft Windows Server 2003 and Microsoft Windows XP, which are no longer supported by the vendor.

Web Server Misconfigurations

During our analysis, Serianu determined that the majority of local web server attacks are successful due to server misconfigurations. These misconfigurations include exposing sensitive web directories to the public, and leaving default server login pages active.

Use of Default Credentials

Default passwords pose a major security risk, as malicious individuals have access to this information on the Internet. Once a user identifies a computer platform, all an unauthorized user must do is enter the default user credentials to gain access.

OPEN SMTP Relay Threat

An "open" SMTP relay is an SMTP server which allows mail to be sent without the need for authentication from a remote user. This vulnerability is exploited by malicious individuals who send fraudulent emails or use it for phishing scams.

It is common for these individuals to abuse open SMTP relays, sending thousands of untraceable messages through the server.
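
The open relay condition described above can be spotted in a mail server's own logs: mail accepted from an unauthenticated, untrusted client for a recipient the server is not responsible for. The following is an added example, not part of the Serianu report; the key=value log format, the domain names, the trusted networks and the sample lines are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumptions (not from the report): domains this server hosts, and networks allowed to relay.
LOCAL_DOMAINS = {"corp.example"}
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("127.0.0.0/8")]

# Constructed sample log in a made-up key=value format; auth=- means no SMTP AUTH was used.
SAMPLE_LOG = """\
2015-06-01T10:00:01 client=10.1.2.3 auth=- from=app@corp.example to=user@partner.example status=accepted
2015-06-01T10:00:05 client=203.0.113.7 auth=- from=bank@spoof.example to=rcpt1@other.example status=accepted
2015-06-01T10:00:06 client=203.0.113.7 auth=- from=bank@spoof.example to=rcpt2@other.example status=accepted
2015-06-01T10:00:09 client=198.51.100.4 auth=alice from=alice@corp.example to=friend@other.example status=accepted
2015-06-01T10:00:12 client=198.51.100.9 auth=- from=x@other.example to=bob@corp.example status=accepted
2015-06-01T10:00:15 client=192.0.2.50 auth=- from=y@spoof.example to=z@other.example status=rejected
"""

def parse_line(line):
    """Split a non-blank 'timestamp k=v k=v ...' line into a dict."""
    parts = line.split()
    rec = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    rec["ts"] = parts[0]
    return rec

def is_open_relay_event(rec):
    """True when mail was accepted for a non-local recipient from an
    unauthenticated client outside the trusted networks."""
    if rec.get("status") != "accepted" or rec.get("auth", "-") != "-":
        return False
    domain = rec.get("to", "").rpartition("@")[2].lower()
    if domain in LOCAL_DOMAINS:
        return False  # ordinary inbound delivery, not relaying
    try:
        client = ipaddress.ip_address(rec.get("client", ""))
    except ValueError:
        return False  # missing or malformed client address: cannot classify
    return not any(client in net for net in TRUSTED_NETS)

def relay_abuse_by_client(log_text):
    """Count open-relay events per client IP so heavy senders stand out."""
    hits = Counter()
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse_line(line)
        if is_open_relay_event(rec):
            hits[rec["client"]] += 1
    return dict(hits)

if __name__ == "__main__":
    print(relay_abuse_by_client(SAMPLE_LOG))
```

Any non-empty result means the server accepted mail it should have refused; the per-client counts show which sources to investigate first.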