The modern era’s great bank robbery


…The battle against cyber-attacks and card fraud

Ghana’s banking sector has recently faced a daunting challenge, witnessing a significant surge in cyber-attacks and an alarming increase in card fraud incidents. These occurrences have sparked concerns among financial institutions, regulators, and customers alike, triggering a collective response to confront these escalating threats head-on.

Cybercriminals operating in Ghana have grown increasingly adept at their craft, targeting the digital infrastructure of banks and exploiting vulnerabilities in their security systems. Their tactics range from phishing attempts aimed at deceiving customers into disclosing sensitive information to advanced hacking techniques that breach banking networks and compromise valuable data.

Moreover, the rise of card fraud has posed a formidable obstacle for Ghanaian banks. Fraudsters employ various tactics, such as skimming, card cloning and unauthorised online transactions, to illicitly gain access to funds and defraud unsuspecting customers. These incidents not only result in financial losses, but also undermine customer trust in the banking system, necessitating urgent action.

In the midst of this challenging landscape, Ghana finds itself grappling with an unprecedented cybercrime phenomenon known as the “Great Bank Robbery of the Modern Era”. Over the past two years, a notorious criminal cyber gang, named the Carbonic Group, has orchestrated a series of audacious heists, siphoning off an estimated billion dollars from more than 100 financial institutions. This brazen feat has earned them infamy as the masterminds behind one of the most significant cyber bank robberies to date.

Hailing from Russia, the Carbonic Group has operated covertly, launching highly sophisticated attacks that have left the financial sector reeling. The plot thickened when an alarmed employee from a major Russian bank, suspicious that their communications were compromised, sought urgent face-to-face assistance from cybersecurity firm Kaspersky Labs. Their investigation uncovered a startling revelation: the bank’s domain controller, a critical server responsible for network control, had been surreptitiously transmitting sensitive data to unknown servers in China.

Gaining control over the domain controller provided the criminals access to the entire network, presenting a grave threat to the bank’s security. Kaspersky Labs swiftly sprang into action, meticulously scrutinising every device connected to the internal banking network. Initially, nothing appeared amiss, but further investigation revealed the presence of screen-sharing software surreptitiously installed on certain computers without the bank’s knowledge.

Digging deeper, the researchers uncovered a spear phishing attack—an insidious form of phishing—where the hackers had sent deceptive emails posing as legitimate customers. These emails contained infected attachments embedded with malware. Once an unsuspecting employee opened the malicious document, the hackers gained control, installing a backdoor into the computer and compromising the entire network. From there, the attackers silently observed and recorded every action taken by bank employees, becoming virtual shadows within the institution.

Equipped with an intricate understanding of the bank’s protocols and operations, the Carbonic Group executed their grand scheme. Posing as high-ranking banking officials, they manually transferred enormous sums of money through the international banking system, Swift. They also exploited the bank’s e-payment system to divert funds into their own accounts, eventually draining them with the aid of money mules.

Going even further, the hackers remotely took control of ATMs, transforming them into cash-dispensing machines at their command. Money mules discreetly collected the cash from these remote locations, expanding the scope of their operation. Additionally, the Carbonic Group manipulated small accounts, inflating their balances and pocketing the difference.

Through tireless efforts, authorities managed to identify the Carbonic Group’s command and control server located in the Netherlands. Swift action by the Dutch police resulted in its seizure, uncovering the true extent of the group’s global reach.

Countering cyber-attacks in Ghana’s banking sector: A comprehensive solution

As Ghana’s banking sector grapples with the increasing frequency of cyber-attacks and card fraud incidents, it is crucial to implement a comprehensive solution that addresses these threats head-on. Banks in Ghana are taking proactive measures and collaborating with regulatory bodies, law enforcement agencies, and industry experts to develop effective strategies. By sharing information, insights and best practices, the goal is to strengthen the resilience of the banking sector and swiftly respond to cyber threats.

To counter cyber-attacks, Ghanaian banks are implementing enhanced security measures. These measures include robust security protocols, such as multi-factor authentication, encryption, intrusion detection systems and firewalls. Regular security audits and updates help stay ahead of evolving threats and ensure the protection of sensitive data.

Employee education and training play a vital role in fortifying the defences of banks. Investing in comprehensive training programmes helps employees stay informed about the latest cyber threats, phishing techniques and data protection best practices. Regular awareness campaigns enable employees to identify and report suspicious activities promptly.

Banks are also emphasising strong password policies to bolster security. Enforcing complex passwords, requiring regular password changes, and discouraging password reuse are crucial steps. Implementing two-factor authentication adds an additional layer of protection against unauthorised access.

Secure network architecture is another essential aspect of the solution. Banks should segment their networks to limit access to critical systems and sensitive data. This ensures that even if one part of the network is compromised, the impact can be contained.

Keeping software up to date is imperative. Regularly applying software updates, security patches, and firmware updates helps fix vulnerabilities and protect against known exploits. This includes not only operating systems, but also banking applications and third-party software.

Having a comprehensive incident response plan is essential for banks to effectively handle cyber-attacks. This plan should outline steps to identify and isolate compromised systems, notify customers, and collaborate with law enforcement agencies.

Continuous monitoring is crucial to detect and respond to suspicious activities in real-time. Implementing monitoring tools that analyse network traffic, user behaviour, and system logs enables banks to identify unauthorised access or abnormal behaviour promptly.

Managing vendor and third-party risks is also critical. Banks should assess the security practices of their vendors and third-party partners, ensuring they meet robust security standards. Regular audits and contractual agreements can enforce compliance.

Regular data back-ups are essential for quick recovery in case of a cyber-attack. Banks should regularly back up critical data and store back-ups in secure offsite locations to prevent data loss or encryption during an attack.

Collaboration and information-sharing among banks, government agencies, and cybersecurity organisations are key components of the solution. By sharing threat intelligence and best practices, the banking sector can collectively identify emerging threats and develop effective countermeasures.

Considering cyber insurance is another important aspect for banks in Ghana. Cyber insurance policies can help mitigate financial losses associated with cyber-attacks, covering expenses such as legal fees, financial losses, and reputational damage.

Adopting a proactive and holistic approach to cybersecurity is vital for Ghanaian banks. By continuously adapting and improving their defences, staying informed about emerging threats, and fostering a culture of security, banks can strengthen their resilience against cybercriminals.

The writer is an Economic Policy & Financial Analyst
