The Nigeria Computer Emergency Response Team (ngCERT) has issued a cybersecurity advisory warning financial institutions across the country about a growing threat of cyber-enabled ATM cash-out attacks, urging banks to strengthen their security systems against increasingly sophisticated criminal networks.
The agency said the warning followed a major cyberattack on United Bank for Africa (UBA) Senegal, where fraudsters allegedly withdrew more than $2 million through 3,421 coordinated ATM transactions.
According to ngCERT, the attackers are believed to have gained privileged access to the bank’s card authorization infrastructure, enabling them to manipulate transaction controls, alter withdrawal limits and fraud monitoring settings, and facilitate large-scale unauthorized cash withdrawals.
The agency explained that cybercriminals typically infiltrate banking networks through phishing campaigns, supply chain vulnerabilities, or insider access before deploying malware, including Ploutus variants and other jackpotting tools, to compromise ATM systems.
It noted that after gaining access, attackers conduct reconnaissance to identify critical systems involved in ATM transaction processing, card management and payment authorization before escalating privileges and modifying card parameters to support coordinated cash-out operations.
ngCERT warned that such attacks pose significant financial and operational risks, including substantial monetary losses, depletion of ATM cash reserves, compromise of core banking systems, customer account manipulation, data breaches, reputational damage, regulatory sanctions and disruptions to banking operations.
Describing the attack method as a major threat to financial institutions operating similar ATM and card systems across the region, the agency urged banks to immediately review and strengthen security around ATM infrastructure, payment authorization systems and card management platforms.
It recommended the implementation of multi-factor authentication for administrative accounts, stricter privileged access controls, regular firmware updates for ATMs, tighter controls on third-party vendor access, and stronger network segmentation between ATM networks, core banking systems and internet-facing services.
The agency also advised financial institutions to enhance real-time transaction monitoring, detect unusual withdrawal patterns, monitor unauthorized changes to transaction limits, deploy advanced endpoint detection and response solutions, conduct regular penetration testing, and intensify employee awareness programmes on phishing attacks and insider threats.
The latest advisory comes amid growing cyber threats targeting Nigerian financial institutions, businesses and government agencies. Earlier this year, the National Information Technology Development Agency (NITDA) warned about a new artificial intelligence-powered malware known as DeepLoad, which is designed to infiltrate systems, steal sensitive information and evade conventional antivirus software.
