ngCERT warns Nigerian banks about cyber-enabled ATM cash-out attacks after a UBA Senegal incident led to over $2m in fraudulent withdrawals.
Nigeria’s Computer Emergency Response Team, ngCERT, has warned financial institutions about a rise in ATM cash-out cyberattacks. The alert follows a reported $2 million fraud incident involving UBA Senegal.
ngCERT said criminals carried out a coordinated ATM cash-out operation against UBA Senegal, resulting in fraudulent withdrawals exceeding $2 million. The agency said the withdrawals happened across 3,421 ATM transactions.
An “ATM cash-out” attack is when criminals force many cash withdrawals quickly, often across multiple locations, before the bank can detect and stop the activity. ngCERT said the suspected group involved Senegalese nationals allegedly linked to an international criminal network.
According to the advisory, attackers are believed to have gained privileged access to card authorisation infrastructure, meaning the systems that decide whether a card transaction should be approved. With that access, they could allegedly alter key controls such as withdrawal limits, transaction velocity controls, and fraud monitoring thresholds. “Velocity controls” are rules that limit how many withdrawals can happen within a short period, like a rate limiter for cash.
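The controls described above can be checked from outside the authorisation host. The following is an added example, not code from ngCERT or the bank: it compares live authorisation parameters against an approved baseline and re-applies the baseline velocity and daily-limit rules to the transaction log, so the alerts still fire if the live thresholds have been raised. All parameter names, limits and transactions are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Approved baseline kept outside the authorisation host (constructed values).
BASELINE = {"daily_limit": 500, "max_withdrawals": 3, "window_minutes": 10}
# Hypothetical live settings after tampering (constructed values).
LIVE = {"daily_limit": 50000, "max_withdrawals": 999, "window_minutes": 10}

T0 = datetime(2025, 1, 1, 2, 0)
SAMPLE_TXNS = [  # constructed log: (time, card token, ATM id, amount)
    (T0 + timedelta(minutes=m), card, atm, amt)
    for m, card, atm, amt in [
        (0, "card-A", "atm-01", 200), (1, "card-A", "atm-07", 200),
        (2, "card-A", "atm-12", 200), (3, "card-A", "atm-03", 200),
        (0, "card-B", "atm-02", 100), (45, "card-B", "atm-02", 100),
    ]
]

def config_drift(live, baseline=BASELINE):
    """Return {param: (approved, live)} for each parameter that differs."""
    return {k: (v, live.get(k)) for k, v in baseline.items() if live.get(k) != v}

def velocity_alerts(txns, baseline=BASELINE):
    """Flag approved withdrawals that break the baseline rules.

    Uses baseline values rather than the live configuration, so raising the
    limits on the authorisation host does not silence the alerts.
    """
    window = timedelta(minutes=baseline["window_minutes"])
    recent = defaultdict(deque)  # card -> timestamps inside the sliding window
    daily = defaultdict(int)     # (card, date) -> total withdrawn that day
    alerts = []
    for ts, card, atm, amount in sorted(txns):
        q = recent[card]
        while q and ts - q[0] > window:  # drop withdrawals older than the window
            q.popleft()
        q.append(ts)
        daily[(card, ts.date())] += amount
        if len(q) > baseline["max_withdrawals"]:
            alerts.append((ts, card, atm, "velocity"))
        elif daily[(card, ts.date())] > baseline["daily_limit"]:
            alerts.append((ts, card, atm, "daily_limit"))
    return alerts

if __name__ == "__main__":
    print("config drift:", config_drift(LIVE))
    for alert in velocity_alerts(SAMPLE_TXNS):
        print("alert:", alert)
```

Any non-empty drift result is itself worth alerting on, since a change to these parameters without an approved change record is the tampering the advisory describes.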
ngCERT added that threat actors typically get into banking networks through phishing, supply chain vulnerabilities, or insider access. It also referenced malware like Ploutus variants, a known family of ATM malware used in “jackpotting,” where an ATM is manipulated to dispense cash.
For banks and fintech operators, the advisory is a reminder that ATM and payment switch security is now a high-impact risk area, not just an IT issue. Large-scale cash-outs can drain ATM cash reserves, expose weaknesses in core banking systems, and trigger wider network intrusions that may lead to data breaches.
ngCERT urged institutions to review controls around ATM infrastructure, card management platforms, and payment authorisation systems. Recommendations include multi-factor authentication for all admin accounts, tighter privileged access management, and reducing unnecessary remote access paths that attackers can abuse. For teams already investing in monitoring, tools like Cybercloud can support security operations, but the core fix is hardening access and improving internal controls across payment and ATM systems.
Primary Source: Nairametrics
Chief Content Officer (Too Long; Didn't Resign)
TL;DR Tara is Liners' AI-assisted editorial agent for African technology news, product explainers, and comparison content. Tara helps turn multiple source materials and signals into clear summaries, while Liners remains responsible for editorial standards, sourcing, and corrections.