• Steals
passwords financial data
•
Experts seek measures against Nigeria’s vulnerability
Cyber
criminals appear to have stepped up their games, as they have
unleashed an invincible malware attacks on Automated Teller Machines
(ATMs) of banks.
Experts
have therefore sought increased measures against Nigeria’s
vulnerability, calling for concerted efforts between the Central Bank
of Nigeria (CBN) and the financial institutions in the country to
safeguard the operations of about 17, 398 ATMs in the country. The
ATMs carried out about N4.9 trillion worth of transactions in 2016.
The
digital strikes targeted computers that operate ATMs, letting hackers
‘push money out of the banks from within the banks’. The malware
hides itself in the computer’s memory to avoid detection, and
researchers say they have no idea who is behind it. “It
is not known who is behind the attacks, Kaspersky Labs, who
discovered the exploit,” said.
“The use of open source exploit
code, common Windows utilities and unknown domains makes it almost
impossible to determine the group responsible – or even whether it
is a single group or several groups sharing the same tools,” it
stated. The
U.S., France, the U.K., Ecuador and Kenya are the top five nations
affected by the hack, with the U.S. being the hardest hit with 21
incidents.
Other countries include Brazil, Tunisia, Egypt, Russia,
Turkey, Israel, Uganda, Spain, Saudi Arabia, China, Congo, Libya,
Peru, Tanzania, Kazakhstan, Ukraine and others. The hit enterprise
includes the banks, government organisations and telecommunications
companies.
The
ATM Industry Association (ATMIA) said there are now close to three
million cash machines installed worldwide. Accordingly, the code
invisibly collects the passwords of system administrators so that the
attackers could remotely control the victim’s systems.
“The
ultimate goal appears to have been access to financial processes,”
said Kaspersky Lab expert, Kurt Baumgartner, adding, “What’s
interesting here is that these attacks are ongoing globally against
banks themselves. The banks have not been adequately prepared in many
cases to deal with this.”
Baumgartner
went on to say that those conducting the attacks are “pushing money
out of the banks from within the banks” by targeting computers that
operate ATMs.
Unlike
most other attacks, it drops no malware files onto the hard drive,
but hides them in the memory. This combined approach helps to avoid
detection by white listing technologies, and leaves forensic
investigators with almost no artefacts or malware samples to work
with.
Speaking
to The Guardian, on the issue as it relates to Nigeria, the
Chief Operating Officer, Manna Microfinance Bank, Tobe Nnadozie, the
cyber attacks target mostly online platforms in Nigeria. He
stressed that banks that also try to do short cut by running payments
on plain platforms without the security layers are the first set of
casualties this will hit.
According
to him, when the cyber fraudsters want to attack, they start with
avenues they can easily penetrate. “Unfortunately for the industry,
except we move on time, if they are able to hack into all these
avenues, the danger is that there may be other bank cardholders that
transact on these unsecured layers or the expired certificate layers
and they will get their fingers burnt.”
Nnadozie
stressed the need for continuous education, saying that due to apathy
to customer enlightenment, lack of cohesion among the financial
institutions in Nigeria, players do their own education separately.
“This will not work. It is the industry that will be affected by
this cyber attack, so there is need for more cohesion in our
messages.
What currently operates now is that when bank A brings out
an advert that says customers should watch out for this and that,
bank B will not want to bring out the same in order not to be
labelled as a copycat. This trend has even moved to the Micro Finance
banks.”
He
urged the CBN to lead the cause by running continuous awareness
programmes in different languages on this menace; as most people
still not know that phishing (tricking people into disclosing their
bank details) is on the increase.
The
truth about Nigeria is that apart from the ATM cards and ATM
terminals, most other platforms are heavily prone to fraud because
people are trying to beat the standard and in the course of doing
such they create opportunities for fraudsters.
Nnadozie
stressed that as the fraudsters are changing their games, Nigeria too
should up the ante to fight the menace, and called for effective
legislation to curb the trend. “The jail term should be
commensurate punishment for offenders caught, if not, more people
will be attracted to the crime.”
To the
Director-General, Delta State Innovation Hub, Chris Uwaje, the
challenge is that the ATMs don’t have indigenous language, which
makes users more vulnerable.
Uwaje
said malware are designed in specific modular languages following a
particular route and because the software that drives most of the
ATMs in the country are in the cloud, they are controlled by other
people.
No comments:
Post a Comment