- The Africa Centre for Digital Transformation (ACDT), a body creating digital literacy and awareness, has alerted banks, savings and loan institutions, and rural banks in Ghana about potential cybercrime threats. This follows a global software failure involving Microsoft and CrowdStrike, a cyber-security company.
- The centre confirmed the presence of a new group of cyber attackers leveraging the global software failure to distribute malware designed to wipe data, disguising it as an update from Crowdstrike.
- It reiterated that financial institutions using antivirus from CrowdStrike and Microsoft Azure must be cautious as several threat actors are impersonating Crowdstrike in emails banks use to distribute the data wiper.
The centre furthered that the threat actors impersonate CrowdStrike by sending emails from the domain 'crowdstrike.com.vc', claiming that a tool has been developed to restore Windows systems online for banks.
The ACDT highlighted the discovery of a fake Crowdstrike Hotfix update distributing the Remcos RAT. The fraudulent update is disseminated via a phishing site posing as a BBVA intranet portal. The malicious package advises banks to install it to avoid connectivity issues with their internal network.
In response, the ACDT stressed the importance of a comprehensive strategy. It underscored the necessity for affected financial institutions to take reactive actions, such as activating backup systems and redundancies, maintaining transparent communication channels with customers, and executing business continuity plans.
It also mentioned that institutions should be involved in incident response teams, monitoring systems security, performing post-outage analysis, and reporting and investing in additional IT resilience measures.
On July 19, 2024, a global tech outage disrupted the operations of CrowdStrike and Microsoft, significantly impacting several countries. CrowdStrike attributed the problem to an antivirus software update designed to protect Microsoft Windows devices against cyberattacks which unexpectedly resulted in widespread system failures. This incident impacted various sectors including banking, aviation, and healthcare globally.
In April 2024, the Director-General of the National Information Technology Agency (NITA), Richard Okyere-Fosu revealed that 60% of government systems lack sufficient antivirus protection, posing potential security risks. Besides, NITA’s assessment indicates that slightly over 30% of government systems and computers have the right antivirus setup.
In the first half of 2023, cyber fraud activities reportedly led to direct financial losses of $4.32 million (GH¢49.5m) in Ghana. Consequently, Ghana’s Cyber Security Authority (CSA) granted licences and accreditation to 51 cybersecurity industry players on July 15, 2024.