• SSA high profile financial institutions on frontline
Cyber attacks targeted at the global banking system and high profile institutions are not imaginary, but real. The overall objective is to steal financial assets- cash or near-cash assets.
Unfortunately, latest reports showed that the most dreaded group in the criminal trade, known as “Silence”, has positioned for the sub-Saharan Africa (SSA).
So far, even great institutions, in recent times, have succumbed to the trickery of the law-defying elements. Of course, SSA, led by Nigeria, is the home of the big financial institutions in the continent. But they are not immune to the cyber threats.
A cyber attack means the attempt to disable, destroy, expose, steal, alter or obtain unauthorized access to a computer system, infrastructure, network, including all other smart devices.
Kaspersky security researchers said there are thousands of notifications of attacks on major banks located in the sub-Saharan Africa (SSA) region. The malware used in the attacks indicates that the threat actors are most likely to be an infamous Silence hacking group, previously known to be responsible for the theft of millions of dollars from banks across the world.
Tagged Silence group, it is one of the most active Advanced Persistent Threat (APT) actors, which has carried out a number of successful campaigns targeting banks and financial organisations around the Globe.
Already, the cybercriminals are now actively abusing the names of artists and songs nominated for a Grammy 2020 award, in order to spread malware. It’s all part of strategic widening of their dragnet in the search for a connection or link with banks’ systems and their vaults.
Kaspersky said its protection technologies detected a 39 per cent rise in attacks (attempts to download or run malicious files), under the guise of nominees’ work in 2019, compared to 2018.
Artists like Ariana Grande, Taylor Swift and Post Malone were the attackers’ favorites, with these nominees’ names used most often in 2019 as a disguise for malware.
“The typical scenario of the attack begins with a social engineering scheme, as attackers send a phishing e-mail that contains malware to a bank employee.
“From there the malware gets inside the banks’ security perimeter and lays low for a while, gathering information on the victim organisation by capturing screenshots and making video recordings of the day to day activity on the infected device, learning how things work in the targeted banks.
“Once attackers are ready to take action, they activate all capabilities of the malware and cash out using, for example, ATMs. The score sometimes reaches millions of dollars,” the company noted.
At the 2019 yearly Bankers Committee retreat, in Ogun State, the body, led by the Governor of the Central Bank of Nigeria (CBN), Godwin Emefiele, admitted that cyber threat is more real than it used to be, but pledged to up their investments in cyber defense this year.
According to him, bankers are now fully aware of the risks associated with their business as it relates to credit and operations.
“Cyber risk, which today, is growing in different parts of the world, calls for the banks, the CBN, and the government, to do something about it. The banks have been advised to do more in their management and control of cyber risks.
“The banks were also advised to invest more money in tools, whether soft or hardware, that will help them in containing cyber risks in their operational environment.
“Of course, on the part of the CBN, we have all along been issuing different guidelines and frameworks on how the banks can combat cyber attack and how the industry and the country can combat the incidence of cyberattacks, which in any case, will continue.
“But we just need to prepare so that when they strike, we would be able to withstand the shock and able to discover it early enough for the banks not to lose money or for depositors funds not to be lost,” he said.
He pointed out that the apex bank is looking at investing in a security operations center, which will act as gateway, not only for banks.
“Unfortunately, we are all naked today as a result of Internet and cyber and we all have to do everything to protect ourselves,” he added.
The banking industry in Nigeria, in its quests for increased customer-base through service excellence, evolving payment system landscape and deepening of financial inclusion, have created multitude of products to drive the goals. Some of these products and their operations have also been hacked into by fraudsters.
The current attack, detected by Kaspersky researchers, began in the first week of January 2020 and indicated that the threat actors are about to begin the final stage of their operation and cash out the funds. The attacks, they said, are ongoing and persist in targeting large banks in several SSA countries.
“Silence group has been quite productive in the past years, as they live up to their name; their operations require an extensive period of silent monitoring, with rapid and coordinated thefts.
“We noticed a growing interest of this actor group in banking organisations in 2017 and since that time the group would constantly develop, expanding to new regions and updating their social engineering scheme.
“We urge all banks to stay vigilant, as apart from the large sums Silence group also steal sensitive information while monitoring the Banks activity as they video record screen activity. This is a serious privacy abuse that might cost more than money can buy,” Sergey Golovanov, a security researcher at Kaspersky, said.
The situation in Nigeria, starting from public outcry over the spate of inexplicable charges associated with banking, has remained on the upswing, while there was a total of 1,612 complaints from consumers of financial services received between July and December 2018.
The figure, which showed an increase of 173 complaints or 12.02 per cent over the 1,439 received in the first half of 2018, was contained in the Financial Stability Report of the Central Bank of Nigeria (CBN).
Of the total complaints, 1,602 or 99.38 per cent were against commercial banks, while 10 complaints or 0.62 per cent were against Other Financial Institutions (OFIs).
Specifically, the complaints were basically about excess/unauthorised charges, frauds, guarantees, dispense errors and funds transfers.
Total claims made by customers during the period amounted to N7.995 billion and $1.767 million, while N3.093 billion and $1.724 million were refunded to them.
Also, 1,496 of these complaints were successfully resolved or closed in the period under review, compared with 4,723 in the first half of 2018, indicating a decrease of 3,227 or 215.71 per cent.
But here comes the “elephant” in the house and that is reported cases of fraud and forgeries by banks, which increased to 25,029 at end of December 2018, from 20, 774 at end of June 2018.
During the period, various cyber-attacks were carried out on high profile entities, including the Central Bank of Bahamas, Marriot Hotels, Google plus, Arik Air, British Airways and UK NHIS, among others, leading to the loss of customers’ private information, revealing the vulnerability of all classes of organisations.
In Nigeria, the total amount involved decreased to N18.94 billion at end of December 2018, from N19.77 billion at end of June 2018.
Similarly, actual losses declined to N2.21 billion in the period under review from N12.1 billion in the first half of 2018.
Also, the total number of reported fraud cases in OFIs stood at 754 at end of December 2018, while the actual loss of N120.98 million was recorded during the same period.
The Automated Teller Machines (ATM) and mobile money channels recorded the highest incidences of fraud. In order to tackle this trend, bank customers were continually sensitized on safe banking practices while banks were encouraged to implement strong authentication controls and carry out comprehensive infrastructure risk assessments.
The United States Federal Bureau of Investigation had issued a warning to banks on a new type of fraud known as the ATM Fraud or ATM Cloned Card fraud, which involves hackers accessing bank systems or payment card processors and altering data to withdraw large sums of cash within a short period.
In response to this warning, CBN carried out vulnerability assessments on all banks and payment system providers and directed the remediation of identified vulnerabilities on all ATM servers.
To mitigate the incidence of attacks in the financial system, the apex bank released cyber- security framework and guidelines for banks and payment service providers.
The framework stipulates, among other requirements, the establishment of Cyber-Threat Intelligence (CTI) programmes to proactively identify, assess and mitigate potential cyber-threats.
It also stipulates the appointment of a “Chief Information Security Officer” (CISO) to oversee and implement a bank’s cyber-security programme.
In line with good practice, CBN appointed a CISO to oversee its cyber-security programme, while urging banks to follow immediately.
As a response in the face of the growing threat to the banking industry, the cyber security experts have outlined series of cautions, which must be adhered to strictly with urgency.
Banks and perhaps, other high net worth organisations, must introduce basic security awareness training for all employees so that they can better distinguish phishing attempts and monitor activity in enterprise information systems information security operations center.
They should use security solutions with dedicated functionality aimed at detecting and blocking phishing attempts. Businesses can protect their on-premise email systems with targeted applications inside the Kaspersky Endpoint Detection and Response or use the Kaspersky Anti Targeted Attack platform.
There is also need to avail security teams access to up-to-date threat intelligence data, to keep pace with the latest tactics and tools used by cybercriminals, while also be prepared for an incident response plan for potential incidents in the network environment.