ngCERT raises alarm over ATM cyberattacks, warns Nigerian Banks

Nigeria’s Computer Emergency Response Team (ngCERT) has urged financial institutions to reinforce their cybersecurity systems following a surge in automated teller machine (ATM)-related attacks targeting banks across Africa.

In a cybersecurity advisory issued on June 25, the agency classified the threat as “high risk,” warning that the attacks could inflict significant financial losses, disrupt banking operations and damage public confidence if not promptly addressed.

NgCERT, the federal agency responsible for coordinating responses to cyber threats in Nigeria under the Office of the National Security Adviser (ONSA), said the warning was prompted by a recent cyberattack on United Bank for Africa (UBA) in Senegal.
According to the advisory, cybercriminals successfully compromised the bank’s card authorisation infrastructure, enabling them to manipulate transaction controls and carry out 3,421 ATM withdrawals that resulted in losses exceeding $2 million.

The agency said the attack demonstrated a sophisticated methodology that poses a serious threat to financial institutions operating similar ATM and payment card systems across Africa.

“This methodology poses a significant threat to financial institutions operating similar ATM and card systems across the region,” the advisory stated.

NgCERT explained that investigations into recent incidents indicate that attackers typically gain initial access to bank networks through phishing campaigns, vulnerabilities within third-party supply chains or insider assistance.

Once inside the network, the attackers conduct extensive reconnaissance to identify critical systems responsible for ATM transaction processing, card management and transaction authorisation.

The agency said the threat actors then deploy malware, escalate their system privileges and manipulate key security controls, including ATM withdrawal limits, transaction velocity restrictions, fraud monitoring thresholds and payment card parameters.

It added that the attackers are also capable of creating new payment card records or altering existing ones, enabling coordinated cash-out operations involving multiple operatives simultaneously withdrawing large amounts of cash from ATMs across different locations.

NgCERT warned that successful exploitation of these vulnerabilities could result in massive financial losses through the rapid depletion of ATM cash reserves, compromise of core banking infrastructure and manipulation of customer accounts.

Beyond direct financial losses, the agency said such attacks could trigger regulatory sanctions, reputational damage, service disruptions and broader network compromise that may lead to sensitive data breaches.

To mitigate the threat, ngCERT advised banks to strengthen privileged access management and enforce multi-factor authentication for all administrative accounts.

The agency also urged financial institutions to immediately harden their ATM infrastructure by disabling unnecessary remote access, applying the latest firmware updates and reviewing all third-party remote access channels and vendor accounts.

Other recommendations include implementing strict network segmentation, enhancing real-time transaction monitoring, conducting continuous threat-hunting activities, carrying out regular penetration testing and red-team exercises, and strengthening employee awareness of phishing attacks and insider threats.

NgCERT further called on banks to regularly test and update their incident response plans to ensure they are equipped to respond effectively to sophisticated ATM cash-out attacks as cyber threats continue to evolve.
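
The recommendation to enhance real-time transaction monitoring can be illustrated with a small detector, added here as an example and not taken from the ngCERT advisory: it flags a card used at many distinct ATMs inside a short window and raises the severity when that card's withdrawal limit was changed shortly before. The event format, thresholds and card/ATM names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds; tune against a bank's own baseline.
WINDOW = timedelta(minutes=30)          # sliding window per card
MAX_ATMS = 3                            # distinct ATMs tolerated per window
CHANGE_LOOKBACK = timedelta(hours=24)   # how long a limit change counts as recent

# Constructed sample events (not real data): (timestamp, kind, card, detail)
EVENTS = [
    ("2025-01-01T01:50:00", "limit_change", "card-A", "500->50000"),
    ("2025-01-01T02:00:00", "withdrawal", "card-A", "ATM-01"),
    ("2025-01-01T02:03:00", "withdrawal", "card-A", "ATM-07"),
    ("2025-01-01T02:05:00", "withdrawal", "card-B", "ATM-02"),
    ("2025-01-01T02:06:00", "withdrawal", "card-A", "ATM-12"),
    ("2025-01-01T02:09:00", "withdrawal", "card-A", "ATM-19"),
    ("2025-01-01T09:00:00", "withdrawal", "card-B", "ATM-02"),
]

def detect_cashout(events):
    """Return one alert (time, card, atms, severity) per card that is used
    at more than MAX_ATMS distinct ATMs within WINDOW."""
    recent = defaultdict(deque)   # card -> (time, atm) pairs still in window
    last_change = {}              # card -> time of last limit change
    alerted, alerts = set(), []
    for ts, kind, card, detail in sorted(events):
        t = datetime.fromisoformat(ts)
        if kind == "limit_change":
            last_change[card] = t
            continue
        q = recent[card]
        q.append((t, detail))
        while t - q[0][0] > WINDOW:       # expire withdrawals outside the window
            q.popleft()
        atms = sorted({atm for _, atm in q})
        if len(atms) > MAX_ATMS and card not in alerted:
            # A control change shortly before the burst is the stronger signal.
            changed = (card in last_change
                       and t - last_change[card] <= CHANGE_LOOKBACK)
            alerts.append((ts, card, atms, "critical" if changed else "high"))
            alerted.add(card)
    return alerts

if __name__ == "__main__":
    for alert in detect_cashout(EVENTS):
        print(alert)
```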
