Banks at risk of cyber attacks following global software defect – ACDT

For instance, the Africa Center for Digital Transformation (ACDT) is cautioning that domestic banks are also susceptible to cyber risk due to the massive global tech failure that has impacted several industries, including banking, healthcare and aviation; hence, the need for banks to be cybercrime-alert to safeguard depositor’s funds.

ACDT emphasised that the cyber-security firm, CrowdStrike, has admitted to the tech failure, explaining that it had been caused by an update to its antivirus software designed to protect Microsoft Windows devices from malicious attacks rather than lead to widespread system failures, and impacting various sectors such as banking, aviation and healthcare globally.

ACDT has cautioned that amid this prevailing crisis, a phishing site is promoting a fake CrowdStrike hotfix that installs the Remcos RAT which pretends to be a BBVA intranet portal. Enclosed in the malicious archive are instructions suggesting to most banks to install the update to avoid errors when connecting to the bank’s internal network. This is a viral threat that is used to hack financial institutions data.

The Africa Center for Digital Transformation, therefore, seeks to caution all banks, saving and loans institutions and rural banks in Ghana against this cyber-attack.

Executive Director – ACDT, Kwesi Atuahene, said: “The defect in CrowdStrike’s software update had a massive impact on Windows systems at numerous organisations, making it too good an opportunity for cyber-criminals to pass. Microsoft confirmed on their website that the faulty update affected 8.5 million Windows devices worldwide. The damage happened in 78 minutes between 04:09 UTC and 05:27 UTC”.

He added that despite the low percentage of affected systems and CrowdStrike’s effort to correct the issue quickly, the impact was huge. The computer crashes led to thousands of flights being cancelled and disrupted activities at several banks.

ACDT’s Cyber Security Unit also identified that there is an emerging group of cyber attackers, distributing a data wiper under the pretense of delivering an update from Crowdstrike. It decimates the system by overwriting files with zero bytes and then report it over.

Financial institutions that are using antivirus from CrowdStrike and Microsoft Azure must be aware that there are a number of threat actors that are impersonating Crowdstrike in emails banks use to distribute the data wiper.

The threat actors impersonate CrowdStrike by sending emails from the domain ‘crowdstrike.com.vc’, telling banks that a tool was created to bring Windows Systems back online.

While CrowdStrike and Microsoft are using multi-faceted approach to address the challenge, ACDT has outlined several reactive measures to mitigate the impact and enhance their resilience, including: to activate back-up systems and redundancies; switch to back-up servers and data centres if primary systems are affected, ensure that critical operations can continue using alternate systems or manual processes if necessary; implement business continuity plans (BCP); and activate predefined business continuity plans that include steps for maintaining operations during IT outages, among others.

Invest in IT resilience

ACDT has also urged financial institutions to consider investing in additional IT resilience measures, such as more robust disaster recovery solutions and diversified cloud service providers.

“ACDT strongly recommends that by taking these steps, banks in Ghana can mitigate the impact of the outage, maintain customer trust and improve their preparedness for future incidents,” he reiterated.