Banks at risk of cyber attacks following CrowdStrike software defect – ACDT


Experts have raised concerns that the recent software update by cybersecurity firm CrowdStrike, which led to a widespread global technology outage affecting major businesses and institutions, including Microsoft, may also pose risks to local banks.

The Africa Center for Digital Transformation (ACDT) warned that domestic banks could be exposed to increased cyber risks as a result of this global tech disruption. The failure has impacted several industries, including banking, healthcare, and aviation, underscoring the need for banks to remain vigilant against cybercrime to protect depositor funds.

ACDT noted that CrowdStrike has acknowledged the tech failure, attributing it to an update intended to enhance antivirus protection for Microsoft Windows devices. Instead of preventing attacks, the update inadvertently caused system failures across various sectors.

Additionally, ACDT has highlighted a related threat: a phishing site promoting a fake CrowdStrike hotfix. This malicious update, disguised as a BBVA intranet portal, installs the Remcos RAT (Remote Access Trojan) and contains instructions that could deceive banks into installing it to prevent errors when connecting to internal networks. This tactic aims to breach financial institutions’ data.

The Africa Center for Digital Transformation is advising all banks, savings and loan institutions, and rural banks in Ghana to be cautious and protect themselves against this emerging cyber threat.

The Executive Director – ACDT, Kwesi Atuahene, said: “The defect in CrowdStrike’s software update had a massive impact on Windows systems at numerous organisations, making it too good an opportunity for cyber-criminals to pass. Microsoft confirmed on their website that the faulty update affected 8.5 million Windows devices worldwide. The damage happened in 78 minutes between 04:09 UTC and 05:27 UTC”.

He added that despite the low percentage of affected systems and CrowdStrike’s effort to correct the issue quickly, the impact was huge. The computer crashes led to thousands of flights being cancelled and disrupted activities at several banks.

ACDT’s Cyber Security Unit also identified an emerging group of cyber attackers distributing a data wiper under the pretence of delivering an update from CrowdStrike. The wiper renders the system unusable by overwriting files with zero bytes and then reports back that it has finished.

Financial institutions using antivirus from CrowdStrike and Microsoft Azure must be aware that a number of threat actors are impersonating CrowdStrike in emails sent to banks in order to distribute the data wiper.

The threat actors impersonate CrowdStrike by sending emails from the domain ‘crowdstrike.com.vc’, telling banks that a tool has been created to bring Windows systems back online.
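The look-alike sender domain cited above is the kind of indicator a mail-gateway rule can catch before a user ever sees the message. The following is an added example, not code from ACDT, CrowdStrike or Microsoft: it extracts the sender domain from a From: header and flags any domain that carries a protected brand name but is not one of the brand’s genuine domains (or a subdomain of one). The list of legitimate domains and the sample messages are constructed assumptions for illustration.

```python
"""
Added example (not from the ACDT statement or any vendor tool): flag sender
domains that impersonate a vendor brand, such as 'crowdstrike.com.vc'.
The legitimate-domain list and sample messages below are constructed.
"""
from email.utils import parseaddr

# Brands worth protecting and the domains legitimately allowed to use them.
# Assumption: only these registrable domains are genuine for each brand.
LEGITIMATE_DOMAINS = {
    "crowdstrike": {"crowdstrike.com"},
    "microsoft": {"microsoft.com"},
}


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain part of a From: header value."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def is_legitimate(domain: str, allowed: set) -> bool:
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)


def impersonated_brand(domain: str):
    """Return the brand a domain impersonates, or None.

    A domain impersonates a brand when it contains the brand string
    (e.g. 'crowdstrike.com.vc' or 'crowd-strike-hotfix.example') but is
    not one of the brand's legitimate domains or a subdomain of them.
    Hyphens and underscores are stripped so simple padding does not evade
    the match.
    """
    compact = domain.replace("-", "").replace("_", "")
    for brand, allowed in LEGITIMATE_DOMAINS.items():
        if brand in compact and not is_legitimate(domain, allowed):
            return brand
    return None


def scan_messages(messages):
    """Return (subject, domain, brand) for every message from a look-alike."""
    findings = []
    for msg in messages:
        domain = sender_domain(msg.get("from", ""))
        brand = impersonated_brand(domain)
        if brand:
            findings.append((msg.get("subject", ""), domain, brand))
    return findings


# Constructed sample messages (not real mail); the first mirrors the lure
# described in the article, the rest are benign or a further look-alike.
SAMPLE_MESSAGES = [
    {"from": "CrowdStrike Support <support@crowdstrike.com.vc>",
     "subject": "Tool to bring Windows systems back online"},
    {"from": "alerts@crowdstrike.com",
     "subject": "Falcon sensor advisory"},
    {"from": "noreply@updates.crowdstrike.com",
     "subject": "Scheduled maintenance"},
    {"from": "it-helpdesk@crowd-strike-hotfix.example",
     "subject": "Urgent hotfix"},
]

if __name__ == "__main__":
    for subject, domain, brand in scan_messages(SAMPLE_MESSAGES):
        print(f"SUSPICIOUS: '{subject}' from {domain} (impersonates {brand})")
```

A brand-string match is only one signal: it should sit alongside SPF, DKIM and DMARC checks on the sending domain, and the allowlist must be maintained as the vendor’s own domains change, otherwise genuine advisories get quarantined along with the lures.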

While CrowdStrike and Microsoft are using a multi-faceted approach to address the challenge, ACDT has outlined several reactive measures banks can take to mitigate the impact and enhance their resilience. These include activating backup systems and redundancies; switching to backup servers and data centres if primary systems are affected; ensuring that critical operations can continue on alternate systems or through manual processes if necessary; and implementing business continuity plans (BCP), that is, activating predefined plans that set out the steps for maintaining operations during IT outages, among others.

The ACDT has also urged financial institutions to consider investing in additional IT resilience measures, such as more robust disaster recovery solutions and diversified cloud service providers.

“ACDT strongly recommends that by taking these steps, banks in Ghana can mitigate the impact of the outage, maintain customer trust and improve their preparedness for future incidents,” he reiterated.
