The Nigeria Computer Emergency Response Team has issued a cybersecurity advisory warning financial institutions across the country about a growing wave of cyber-enabled ATM cash-out attacks.
According to the advisory, cybercriminals successfully orchestrated a coordinated ATM cash-out operation against UBA Senegal, resulting in fraudulent withdrawals exceeding $2 million through 3,421 ATM transactions.
ngCERT said the attack involved coordinated cash withdrawals by Senegalese nationals allegedly linked to an international criminal network.
The agency noted that attackers are believed to have gained privileged access to card authorization infrastructure, allowing them to manipulate transaction controls and facilitate large-scale fraudulent withdrawals.
The agency explained that recent incidents across the continent demonstrate how threat actors infiltrate banking networks through phishing campaigns, supply chain vulnerabilities, or insider access before deploying malware such as Ploutus variants and other jackpotting tools.
“…a similar attack on United Bank for Africa (UBA) Senegal resulted in the fraudulent withdrawal of more than USD 2 million through 3,421 ATM transactions.
“Once inside, attackers conduct internal reconnaissance to map critical systems involved in ATM transaction processing, card management, and authorization services, followed by privilege escalation.
“They also manipulate key card authorization controls, including withdrawal limits, transaction velocity controls, fraud monitoring thresholds, and card parameters, while creating, activating, or altering payment card records,” ngCERT explained.
According to ngCERT, these changes enable coordinated cash-out operations in which multiple operatives simultaneously conduct high-volume ATM withdrawals across different locations, allowing criminals to maximize withdrawals before detection and quickly convert digital funds into physical cash.
The cybersecurity agency warned that successful ATM cash-out attacks could result in significant financial and operational consequences for affected institutions.
Among the risks identified are massive financial losses through the rapid depletion of ATM cash reserves, compromise of core banking systems, manipulation of customer accounts, and broader network intrusions that could lead to data breaches.
The agency also highlighted the potential for reputational damage, erosion of public trust in digital banking services, regulatory sanctions, and disruptions to banking operations across branches and ATM networks.
“The methodology poses a significant threat to financial institutions operating similar ATM and card systems across the region,” ngCERT stated.
To mitigate the threat, ngCERT urged financial institutions to immediately review and strengthen security controls around ATM infrastructure, card management platforms, and payment authorization systems.
The agency recommended implementing multi-factor authentication for all administrative accounts and reviewing privileged access controls across ATM and payment-switch environments.
Banks were also advised to harden ATM infrastructure by disabling unnecessary remote access channels, applying the latest firmware updates, and reviewing third-party vendor access pathways.
Other recommendations include implementing strict network segmentation between card-processing infrastructure, ATM networks, core banking systems and internet-facing services, as well as enhancing real-time transaction monitoring to detect unusual withdrawal patterns and geographically dispersed ATM activities.
ngCERT further called on financial institutions to monitor for unauthorized changes to transaction limits and authorization parameters, deploy advanced endpoint detection and response solutions, conduct regular penetration testing and security audits, and strengthen employee awareness around phishing and insider threats.
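The monitoring recommendations above (unusual withdrawal patterns, geographically dispersed ATM activity, unauthorized changes to transaction limits) can be combined into a single detection rule. The following Python is an added example, not part of the ngCERT advisory; the record layouts, thresholds, identifiers and sample data are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds; tune them to the institution's own baseline.
WINDOW = timedelta(minutes=30)         # sliding window per card
MAX_WITHDRAWALS = 3                    # withdrawals allowed per card in WINDOW
MAX_CITIES = 2                         # distinct cities allowed per card in WINDOW
CHANGE_LOOKBACK = timedelta(hours=24)  # how long a limit raise stays suspicious

# Constructed sample data: (timestamp, card, atm_id, city, amount)
WITHDRAWALS = [
    ("2025-01-10T02:00", "card-A", "atm-01", "city-1", 400),
    ("2025-01-10T02:05", "card-A", "atm-07", "city-2", 400),
    ("2025-01-10T02:09", "card-A", "atm-12", "city-3", 400),
    ("2025-01-10T02:14", "card-A", "atm-03", "city-1", 400),
    ("2025-01-10T02:20", "card-A", "atm-21", "city-4", 400),
    ("2025-01-10T09:00", "card-B", "atm-02", "city-1", 100),
    ("2025-01-10T12:00", "card-C", "atm-05", "city-2", 50),
    ("2025-01-10T18:30", "card-C", "atm-05", "city-2", 50),
]
# Constructed audit events: (timestamp, card, parameter, old, new, change_ticket)
LIMIT_CHANGES = [
    ("2025-01-10T01:40", "card-A", "daily_withdrawal_limit", 500, 50000, None),
    ("2025-01-09T10:00", "card-B", "daily_withdrawal_limit", 500, 800, "CHG-1001"),
]

def detect(withdrawals, limit_changes):
    """Return {card: [reasons]} for cards breaching velocity or dispersion
    rules, or withdrawing shortly after a limit raise with no change ticket."""
    unapproved = defaultdict(list)
    for when, card, _param, old, new, ticket in limit_changes:
        if ticket is None and new > old:
            unapproved[card].append(datetime.fromisoformat(when))
    recent, alerts = defaultdict(deque), defaultdict(set)
    for when, card, _atm, city, _amount in sorted(withdrawals):
        t = datetime.fromisoformat(when)
        q = recent[card]
        q.append((t, city))
        while t - q[0][0] > WINDOW:    # drop events older than the window
            q.popleft()
        if len(q) > MAX_WITHDRAWALS:
            alerts[card].add("velocity")
        if len({c for _, c in q}) > MAX_CITIES:
            alerts[card].add("geo_dispersion")
        if any(timedelta(0) <= t - c <= CHANGE_LOOKBACK for c in unapproved[card]):
            alerts[card].add("withdrawal_after_unapproved_limit_raise")
    return {card: sorted(reasons) for card, reasons in alerts.items()}

if __name__ == "__main__":
    print(detect(WITHDRAWALS, LIMIT_CHANGES))
```

Correlating the parameter-change audit trail with the withdrawal stream matters because the limits themselves are what the attackers alter, so a rule that only compares withdrawals against the current limit would see nothing unusual.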
The latest ngCERT warning comes amid a growing wave of cyber-attacks targeting Nigerian organisations, including government agencies and private institutions such as banks.
Earlier in May this year, the National Information Technology Development Agency (NITDA) also raised an alarm over a new artificial intelligence-powered malware known as DeepLoad, warning that the cyber threat is actively targeting Nigerian government agencies, financial institutions, businesses, and individuals.
According to NITDA, DeepLoad is an AI-enhanced malware strain designed to infiltrate systems, steal sensitive information, and evade conventional antivirus detection systems.
The agency explained that the malware spreads through deceptive website prompts that trick users into executing malicious commands on their computers.
