Experts are alerting that a recent software update from cybersecurity firm CrowdStrike, which triggered a worldwide technology outage affecting businesses and institutions, including Microsoft, could also pose risks to local banks.
The Africa Center for Digital Transformation (ACDT) warns that domestic banks are vulnerable to cyber threats due to the extensive global tech disruption that has affected numerous industries, such as banking, healthcare, and aviation. This underscores the importance of heightened vigilance against cybercrime to protect depositors’ funds.
According to ACDT, CrowdStrike has acknowledged the technical failure, attributing it to an update intended to enhance antivirus protection for Microsoft Windows devices, which inadvertently caused widespread system failures impacting various sectors globally, including banking, aviation, and healthcare.
ACDT also alerts that during this crisis, a phishing site is circulating a fraudulent CrowdStrike hotfix that installs the Remcos RAT, disguised as a BBVA intranet portal. The malicious archive includes instructions advising banks to install the update to avoid connectivity issues with their internal networks, representing a serious threat to financial institutions’ data.
The Africa Center for Digital Transformation advises all banks, savings and loans institutions, and rural banks in Ghana to be wary of this cyber threat.
Executive Director – ACDT, Kwesi Atuahene, said: “The defect in CrowdStrike’s software update had a massive impact on Windows systems at numerous organisations, making it too good an opportunity for cyber-criminals to pass. Microsoft confirmed on their website that the faulty update affected 8.5 million Windows devices worldwide. The damage happened in 78 minutes between 04:09 UTC and 05:27 UTC”.
He noted that although only a small percentage of systems were affected and CrowdStrike is working to resolve the issue swiftly, the overall impact was substantial. The computer failures led to thousands of flight cancellations and significant disruptions at various banks.
The Cyber Security Unit of ACDT has also discovered a new group of cybercriminals spreading a data-wiping malware disguised as an update from CrowdStrike. This malware destroys systems by replacing files with zero bytes and then erases them.
Financial institutions using antivirus solutions from CrowdStrike and Microsoft Azure should be aware that several threat actors are impersonating CrowdStrike in emails sent to banks in order to distribute this data-wiping malware.
These attackers pose as CrowdStrike by sending emails from the domain ‘crowdstrike.com.vc’, claiming that a tool has been developed to restore Windows systems.
While CrowdStrike and Microsoft are using a multi-faceted approach to address the challenge, ACDT has outlined several reactive measures banks can take to mitigate the impact and enhance their resilience, including: activating back-up systems and redundancies; switching to back-up servers and data centres if primary systems are affected; ensuring that critical operations can continue on alternate systems or through manual processes if necessary; and implementing and activating predefined business continuity plans (BCPs) that include steps for maintaining operations during IT outages, among others.
Invest in IT resilience
ACDT has advised financial institutions to explore investing in enhanced IT resilience strategies, including stronger disaster recovery solutions and a range of cloud service providers.
“ACDT strongly recommends that by taking these steps, banks in Ghana can mitigate the impact of the outage, maintain customer trust and improve their preparedness for future incidents,” he reiterated.