ngCERT Warns Banks of Sophisticated ATM Cash-Out Fraud Across Africa
Banks and other financial institutions across Africa have been placed on high alert following a warning by the Nigeria Computer Emergency Response Team (ngCERT) over a sophisticated cyberattack targeting ATM and card payment systems.
The agency, in an advisory shared on X, referenced a recent breach involving United Bank for Africa (UBA) in Senegal, where criminals reportedly made more than 3,400 fraudulent ATM withdrawals, carting away over $2 million. Investigators believe the operation was coordinated by an international criminal syndicate after gaining high-level access to the bank’s card authorization system.
According to ngCERT, the attackers typically infiltrate banking networks through phishing emails, compromised third-party systems or insider assistance. Once inside, they move across internal systems, obtain elevated privileges and alter security settings governing ATM withdrawals, transaction limits and card authorisation.
With those controls weakened, the perpetrators are able to activate or modify payment cards and coordinate simultaneous cash withdrawals from multiple ATM locations before banks can detect the unusual activity.
The cybersecurity agency warned that such attacks could leave banks exposed to heavy financial losses, service disruptions, regulatory sanctions, reputational damage and wider compromise of critical banking infrastructure if adequate safeguards are not in place.
To reduce the risk, ngCERT urged financial institutions to tighten access to card management and payment systems, strengthen ATM security, improve real-time fraud detection, regularly audit card records and network activity, deploy advanced threat detection tools, and conduct routine security assessments alongside staff training on phishing and insider threats.



Post Comment