ALERT: FG warns Nigerian banks of ATM cyber attacks after $2m Senegal heist

Nigeria’s Computer Emergency Response Team (ngCERT) has warned financial institutions to strengthen their cyber defences following a wave of automated teller machine-related attacks targeting banks across Africa.

In an advisory dated June 25, ngCERT classified the threat as “high risk” and warned that the attacks could cause severe financial and operational damage if unchecked.

NgCERT is a federal government body responsible for managing risks of cyber threats in Nigeria’s cyberspace and operates under the office of the national security adviser (ONSA).

In the advisory, the agency cited a recent attack on United Bank for Africa (UBA) in Senegal, where fraudsters withdrew more than $2 million through 3,421 ATM transactions.

The response team said the attackers gained privileged access to the bank’s card authorisation infrastructure, enabling them to manipulate transaction controls and execute coordinated cash withdrawals.

“This methodology poses a significant threat to financial institutions operating similar ATM and card systems across the region,” the advisory notice reads.

The agency said recent incidents show that threat actors compromise bank networks through phishing campaigns, supply-chain weaknesses or insider access before deploying malware and escalating their privileges.

“Once inside, attackers conduct internal reconnaissance to map critical systems involved in ATM transaction processing, card management and authorization services,” ngCERT said.

The agency said the attackers also manipulate withdrawal limits, transaction velocity controls, fraud monitoring thresholds and card parameters while creating or altering payment card records.

“These changes enable a coordinated cash-out operation involving a distributed network of operatives who simultaneously executed high-volume ATM withdrawals across multiple geographic locations,” the advisory said.

NgCERT warned that successful exploitation of the attacks could have far-reaching consequences for financial institutions.

They said successful exploitation of cyber-enabled ATM cash-out attacks may lead to massive financial losses through rapid draining of ATM cash reserves, compromise of core banking systems and customer account manipulation.

Such attacks, the organisation said, could also trigger reputational damage, regulatory penalties, disruption of financial services and broader network compromise leading to data breaches.

To mitigate the threat, ngCERT urged banks to strengthen privileged access controls and implement multi-factor authentication for all administrative accounts.

The agency also advised financial institutions to “immediately harden ATM infrastructure by disabling unnecessary remote access, applying latest firmware patches, and reviewing third-party remote access pathways and vendor accounts”.

NgCERT also recommended strict network segmentation, enhanced real-time transaction monitoring, continuous threat hunting, regular penetration testing, and red-team exercises

The agency called for stronger staff awareness on phishing and insider threats, alongside regular testing of incident response plans tailored to ATM cash-out scenarios, as banks move to bolster resilience against increasingly sophisticated cyberattacks.(TheCable)