The Africa Centre for Digital Transformation (ACDT) has issued a warning to banks in Ghana about potential cybercrime threats following a global software failure.
The incident, which occurred on July 19, 2024, involved a defective update from cyber-security firm CrowdStrike, affecting millions of Microsoft Windows devices worldwide.
The software glitch, which lasted for 78 minutes, disrupted various sectors including banking, aviation, and healthcare. Microsoft confirmed that the faulty update impacted 8.5 million Windows devices, leading to widespread system failures. Despite CrowdStrike’s rapid response to rectify the issue, the damage was extensive, causing numerous flight cancellations and operational disruptions at banks.
In light of these events, the ACDT in a statement issued today cautioned financial institutions in Ghana about a fake CrowdStrike update being promoted through a phishing site (portalintranetgrupobbva[.]com).
This fraudulent update installs the Remcos Remote Access Trojan (RAT), posing significant security risks. The phishing site masquerades as a BBVA intranet portal, misleading banks into downloading malicious software that can compromise their systems.
Additionally, the ACDT’s Cyber Security unit has identified a new group of cyber attackers distributing a data-wiping malware under the guise of a CrowdStrike update. This malware overwrites files with zero bytes, rendering systems inoperable and reporting the damage back to the attackers.
The ACDT urges banks, savings and loans institutions, and rural banks in Ghana to be vigilant, especially those using CrowdStrike and Microsoft Azure antivirus solutions. Threat actors are impersonating CrowdStrike by sending emails from the domain ‘crowdstrike.com.vc’, claiming to offer a tool to restore Windows systems.
To mitigate these risks, the ACDT recommends several proactive measures:
- Activate Backup Systems and Redundancies: Switch to backup servers and data centres if primary systems are affected.
- Implement Business Continuity Plans (BCP): Ensure all employees understand their roles during IT outages.
- Enhance Communication: Maintain clear communication with customers regarding outages and resolutions.
- Engage Incident Response Teams: Deploy dedicated teams to address and resolve the outage.
- Monitor Systems and Security: Continuously check IT systems for anomalies or threats.
- Conduct Post-Outage Analysis: Perform thorough analysis and reporting of the outage’s cause and impact.
- Customer Support and Assurance: Provide additional support to reassure customers about data security.
- Review and Update Contingency Plans: Regularly update contingency plans based on lessons learned.
- Collaborate with Industry Partners: Share information and best practices within the industry.
- Invest in IT Resilience: Enhance IT resilience through robust disaster recovery solutions and diversified cloud services.
The statement said by taking these steps, banks in Ghana can safeguard their operations, maintain customer trust, and bolster their preparedness for future incidents.