The Nigeria Computer Emergency Response Team (ngCERT) has issued a cybersecurity advisory warning financial institutions across the country about a growing wave of cyber-enabled ATM cash-out attacks.
ngCERT raises alarm as bank loses $2 million to ATM cash-out cyberattack
According to the advisory, cybercriminals successfully orchestrated a coordinated ATM cash-out operation against UBA Senegal, resulting in fraudulent withdrawals exceeding $2 million through 3,421 ATM transactions.
ngCERT said the attack involved coordinated cash withdrawals by Senegalese nationals allegedly linked to an international criminal network.
The agency noted that attackers are believed to have gained privileged access to card authorization infrastructure, allowing them to manipulate transaction controls and facilitate large-scale fraudulent withdrawals.
The agency explained that recent incidents across the continent demonstrate how threat actors infiltrate banking networks through phishing campaigns, supply chain vulnerabilities, or insider access before deploying malware such as Ploutus variants and other jackpotting tools.
According to ngCERT, these changes enable coordinated cash-out operations in which multiple operatives simultaneously conduct high-volume ATM withdrawals across different locations, allowing criminals to maximize withdrawals before detection and quickly convert digital funds into physical cash.
The cybersecurity agency warned that successful ATM cash-out attacks could result in significant financial and operational consequences for affected institutions.
Among the risks identified are massive financial losses through the rapid depletion of ATM cash reserves, compromise of core banking systems, manipulation of customer accounts, and broader network intrusions that could lead to data breaches.
The agency also highlighted the potential for reputational damage, erosion of public trust in digital banking services, regulatory sanctions, and disruptions to banking operations across branches and ATM networks.
To mitigate the threat, ngCERT urged financial institutions to immediately review and strengthen security controls around ATM infrastructure, card management platforms, and payment authorization systems.
The agency recommended implementing multi-factor authentication for all administrative accounts and reviewing privileged access controls across ATM and payment-switch environments.
Banks were also advised to harden ATM infrastructure by disabling unnecessary remote access channels, applying the latest firmware updates, and reviewing third-party vendor access pathways.
Other recommendations include implementing strict network segmentation between card-processing infrastructure, ATM networks, core banking systems and internet-facing services, as well as enhancing real-time transaction monitoring to detect unusual withdrawal patterns and geographically dispersed ATM activities.
ngCERT further called on financial institutions to monitor for unauthorized changes to transaction limits and authorization parameters, deploy advanced endpoint detection and response solutions, conduct regular penetration testing and security audits, and strengthen employee awareness around phishing and insider threats.
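The two monitoring recommendations above (geographically dispersed withdrawal patterns and unauthorized limit changes) can be correlated in a single detection pass. The sketch below is an added illustration, not part of the ngCERT advisory; the record layouts, field names, thresholds and sample data are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample withdrawals: (timestamp, card, atm_id, city, amount)
WITHDRAWALS = [
    ("2025-01-10T02:00:00", "card-A", "ATM-01", "City-1", 400),
    ("2025-01-10T02:03:00", "card-A", "ATM-07", "City-2", 400),
    ("2025-01-10T02:05:00", "card-A", "ATM-12", "City-3", 400),
    ("2025-01-10T02:06:00", "card-A", "ATM-19", "City-4", 400),
    ("2025-01-10T09:00:00", "card-B", "ATM-01", "City-1", 100),
    ("2025-01-10T18:00:00", "card-B", "ATM-01", "City-1", 100),
]
# Constructed limit-change audit trail:
# (timestamp, card, old_limit, new_limit, change_ticket) -- layout is hypothetical
LIMIT_CHANGES = [
    ("2025-01-10T01:50:00", "card-A", 500, 50000, None),
    ("2025-01-09T10:00:00", "card-B", 500, 800, "CHG-1001"),
]

def dispersed_velocity(withdrawals, window=timedelta(minutes=15), min_atms=3):
    """Flag cards seen at >= min_atms distinct ATMs inside one sliding window."""
    recent, alerts = defaultdict(deque), {}
    for ts, card, atm, city, amount in sorted(withdrawals):
        t = datetime.fromisoformat(ts)
        q = recent[card]
        q.append((t, atm, city, amount))
        while t - q[0][0] > window:      # drop events older than the window
            q.popleft()
        atms = {e[1] for e in q}
        if len(atms) >= min_atms:
            alerts[card] = {"atms": len(atms),
                            "cities": len({e[2] for e in q}),
                            "total": sum(e[3] for e in q)}
    return alerts

def unapproved_limit_raises(changes, max_factor=2.0):
    """Cards whose limit was raised with no change ticket or beyond max_factor."""
    return {card for _, card, old, new, ticket in changes
            if new > old and (ticket is None or new > old * max_factor)}

def correlate(withdrawals, changes):
    """Escalate velocity alerts that coincide with a suspicious limit raise."""
    raised = unapproved_limit_raises(changes)
    return [{"card": c, "severity": "critical" if c in raised else "high", **d}
            for c, d in sorted(dispersed_velocity(withdrawals).items())]

if __name__ == "__main__":
    for alert in correlate(WITHDRAWALS, LIMIT_CHANGES):
        print(alert)
```

In production the window and ATM-count thresholds would be tuned against normal cardholder behaviour, and the limit-change feed would come from the card management platform's audit log.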
The latest ngCERT warning comes amid a growing wave of cyber-attacks targeting Nigerian organisations, including private institutions such as banks and government agencies.
According to NITDA, DeepLoad is an AI-enhanced malware strain designed to infiltrate systems, steal sensitive information, and evade conventional antivirus detection systems.
The agency explained that the malware spreads through deceptive website prompts that trick users into executing malicious commands on their computers.
