FG Raises Alarm Over Rising ATM Cyberattacks After $2 Million UBA Senegal Hack
FG Warns Banks of ATM Cyberattacks After UBA Senegal Hack

Nigeria's Computer Emergency Response Team (ngCERT) has issued a high-risk security advisory to financial institutions, warning of a surge in sophisticated ATM-related cyberattacks targeting banks across Africa. The alert, released on June 25, emphasizes the urgent need for enhanced cybersecurity measures following a reported $2 million theft from United Bank for Africa (UBA) in Senegal.

UBA Senegal Hack: A Wake-Up Call

The advisory specifically references a recent cyberattack on UBA Senegal, where cybercriminals allegedly stole over $2 million through 3,421 unauthorized ATM withdrawals. According to ngCERT, the attackers gained privileged access to the bank's card authorization systems, enabling them to manipulate transaction controls and coordinate large-scale cash withdrawals from multiple locations. The agency warns that similar attack methods could easily be replicated against banks operating comparable ATM and payment card infrastructure across the continent.

Investigations cited in the advisory reveal that attackers typically infiltrate banking networks via phishing emails, compromised third-party vendors, supply-chain vulnerabilities, or insider access. Once inside, they conduct extensive reconnaissance to identify systems responsible for ATM processing, card management, and transaction authorization. The criminals then alter withdrawal limits, transaction velocity settings, fraud detection thresholds, and payment card records, enabling a network of operatives to simultaneously withdraw large sums of cash from ATMs in different geographic locations before the fraud is detected.

Wide Pickt banner — collaborative shopping lists app for Telegram, phone mockup with grocery list

Potential Financial and Operational Consequences

NgCERT warned that successful ATM cash-out attacks could rapidly deplete ATM cash reserves while exposing core banking systems to compromise. The agency stated: “Once inside, attackers conduct internal reconnaissance to map critical systems involved in ATM transaction processing, card management and authorization services.” Such breaches may lead to customer account manipulation, theft of sensitive financial data, prolonged service disruptions, regulatory sanctions, and severe reputational damage for affected institutions. Beyond immediate financial losses, the attacks could create broader cybersecurity risks by allowing hackers to expand their access across internal banking networks.

Banks Advised to Strengthen Cyber Defenses

To mitigate the risk of future attacks, ngCERT urged financial institutions to tighten privileged access controls and enforce multi-factor authentication for all administrative accounts. The agency also recommended hardening ATM infrastructure by disabling unnecessary remote access, installing the latest firmware and security patches, and reviewing third-party vendor accounts and remote access pathways. Additionally, banks should implement stronger network segmentation, improve real-time transaction monitoring, conduct continuous threat-hunting exercises, and carry out regular penetration tests and red-team simulations.

NgCERT further called for increased staff awareness on phishing attacks and insider threats, while encouraging financial institutions to routinely test and update incident response plans specifically designed for ATM cash-out attacks. As cybercriminals continue to adopt more advanced tactics, the agency stressed that proactive and comprehensive cybersecurity measures are essential to protect the financial sector from significant financial losses, operational disruptions, and reputational damage.

Broader Context: Cyber Threats in Nigeria

This warning comes amid a rising tide of cybercrime in Nigeria. Earlier, the Federal High Court in Abuja ordered an additional 30-day freezing of 818 bank accounts suspected of being involved in an alleged N10 billion cyberattack on Hope Payment Service Bank. The court granted the freezing order to help the bank recover funds moved into the accounts during a July cyber heist. These incidents underscore the growing sophistication and frequency of cyberattacks targeting financial institutions in the region, highlighting the critical need for robust cybersecurity frameworks and vigilant monitoring.

Pickt after-article banner — collaborative shopping lists app with family illustration