ACDT warns Banks in Ghana of Cybercrime Risk Following CrowdStrike Software Update Defect.


Ghanaian banks warned of cybercrime risk resulting from fake CrowdStrike update
On Friday, 19 July 2024, a massive global IT failure involving CrowdStrike and Microsoft had significant repercussions in many countries, including Ghana. CrowdStrike admitted that the disruption was caused by a faulty update to its Falcon endpoint protection software, which is designed to protect Microsoft Windows devices from malicious attacks. Instead, the update crashed Windows systems worldwide and disrupted sectors such as banking, aviation and healthcare.

The defect in CrowdStrike's update took down Windows systems at numerous organizations, an opportunity that cybercriminals were quick to exploit. Microsoft confirmed on its website that the faulty update affected 8.5 million Windows devices worldwide. The faulty update was live for 78 minutes, between 04:09 UTC and 05:27 UTC, before CrowdStrike reverted it.

Although the affected machines were a small percentage of all Windows systems and CrowdStrike moved quickly to correct the issue, the impact was huge. The crashes led to thousands of flights being cancelled and disrupted activity at banks.

The Africa Center for Digital Transformation [ACDT] cautions all banks, savings and loans institutions and rural banks in Ghana against a fake CrowdStrike hotfix update that installs the Remcos RAT. The fake hotfix is promoted through a phishing site (portalintranetgrupobbva[.]com) posing as a BBVA intranet portal. The malicious archive includes instructions telling recipients to install the update to avoid errors when connecting to the bank's internal network. Any hotfix or update that arrives by email, chat or an unfamiliar website rather than through CrowdStrike's own support channels should be treated as malicious.

ACDT's Cyber Security unit has also identified an emerging group of attackers distributing a data wiper under the pretense of delivering a CrowdStrike update. The wiper destroys the system by overwriting files with zero bytes and then reports back to the attackers.

Banks, savings and loans institutions and rural banks in Ghana that use CrowdStrike and Microsoft Azure security products must be aware that several threat actors are impersonating CrowdStrike in emails to banks in order to distribute this data wiper.

The threat actors send email from the domain 'crowdstrike.com[.]vc', telling banks that a tool has been created to bring Windows systems back online. The legitimate domain is crowdstrike.com; the extra '.vc' suffix puts the lookalike under an entirely different registrable domain, so it passes a casual glance but not a check of the sender's actual domain.
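The two indicators above (the lookalike sender domain crowdstrike.com.vc and the phishing host portalintranetgrupobbva.com) are exactly the kind of thing a bank's mail-gateway logs can be screened for. The following Python is an added example written for this advisory, not code from ACDT or CrowdStrike. The indicator values come from the advisory text; the key="value" log format, the field names and the sample events are constructed for the example and do not come from any real gateway.

```python
"""Screen mail-gateway events for CrowdStrike impersonation after the 19 July 2024 outage.

Checks (all derived from the advisory):
  1. sender domain that carries the 'crowdstrike' brand but is not crowdstrike.com
     or one of its subdomains (e.g. crowdstrike.com.vc);
  2. links to the known fake-hotfix phishing host;
  3. archive attachments themed as a CrowdStrike fix or hotfix from an untrusted sender.

Log format, field names and sample events are constructed for this example.
"""
import re
from dataclasses import dataclass

LEGITIMATE_DOMAIN = "crowdstrike.com"
BRAND = "crowdstrike"
# Phishing host named in the advisory (defanged there as portalintranetgrupobbva[.]com).
KNOWN_PHISHING_HOSTS = {"portalintranetgrupobbva.com"}
ARCHIVE_SUFFIXES = (".zip", ".rar", ".7z", ".iso")

KV_RE = re.compile(r'(\w+)="([^"]*)"')           # constructed key="value" log format
ADDR_RE = re.compile(r"@([A-Za-z0-9.-]+)")         # domain part of an e-mail address
URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    line_no: int
    sender: str
    reason: str


def registrable_domain(host: str) -> str:
    """Last two labels of a host name. Deliberate simplification: a production
    check should use the Public Suffix List, otherwise 'crowdstrike.com.vc'
    is reported as registrable domain 'com.vc' (still != crowdstrike.com)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def sender_domain(addr: str) -> str:
    """Domain of 'Name <user@host>' or 'user@host'; empty string if absent."""
    m = ADDR_RE.search(addr)
    return m.group(1).lower() if m else ""


def is_lookalike(domain: str) -> bool:
    """True for a domain containing the brand that is not crowdstrike.com
    or a subdomain of it: crowdstrike.com.vc, crowdstrike-support.net, ..."""
    if not domain or registrable_domain(domain) == LEGITIMATE_DOMAIN:
        return False
    return BRAND in domain


def phishing_hosts_in(url: str) -> list[str]:
    """Hosts in `url` that are a known phishing host or a subdomain of one."""
    hits = []
    for host in URL_HOST_RE.findall(url):
        host = host.lower()
        if any(host == bad or host.endswith("." + bad) for bad in KNOWN_PHISHING_HOSTS):
            hits.append(host)
    return hits


def screen_event(line_no: int, event: dict) -> list[Finding]:
    """Apply the three checks to one parsed event and return all findings."""
    sender = event.get("from", "")
    domain = sender_domain(sender)
    findings = []
    if is_lookalike(domain):
        findings.append(Finding(line_no, sender, f"sender domain {domain} imitates {LEGITIMATE_DOMAIN}"))
    for host in phishing_hosts_in(event.get("url", "")):
        findings.append(Finding(line_no, sender, f"link to known phishing host {host}"))
    # The fake hotfix was delivered as an archive: flag archives themed as a
    # CrowdStrike fix/hotfix that do not come from the real domain.
    attachment = event.get("attachment", "").lower()
    themed = f"{sender} {event.get('subject', '')} {attachment}".lower()
    if (attachment.endswith(ARCHIVE_SUFFIXES)
            and (BRAND in themed or "hotfix" in themed)
            and registrable_domain(domain) != LEGITIMATE_DOMAIN):
        findings.append(Finding(line_no, sender, f"archive {attachment!r} themed as a CrowdStrike fix from an untrusted sender"))
    return findings


def screen_log(text: str) -> list[Finding]:
    """Parse one key="value" event per line and screen each one."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.strip():
            findings.extend(screen_event(line_no, dict(KV_RE.findall(line))))
    return findings


# Constructed sample events (not real traffic). Lines 1 and 3 are malicious.
SAMPLE_LOG = """\
ts="2024-07-20T08:12:03Z" from="CrowdStrike Support <support@crowdstrike.com.vc>" subject="Tool to bring Windows systems back online" url="" attachment="crowdstrike_fix.zip"
ts="2024-07-20T08:15:41Z" from="Falcon Notifications <noreply@falcon.crowdstrike.com>" subject="Remediation guidance" url="https://www.crowdstrike.com/blog/" attachment=""
ts="2024-07-20T09:02:17Z" from="Intranet <portal@portalintranetgrupobbva.com>" subject="Hotfix required for intranet access" url="https://portalintranetgrupobbva.com/hotfix" attachment="crowdstrike-hotfix.zip"
ts="2024-07-20T09:30:00Z" from="colleague@examplebank.com.gh" subject="Branch report" url="https://sharepoint.example/report" attachment="report.xlsx"
"""

if __name__ == "__main__":
    for f in screen_log(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.reason} (from: {f.sender})")
```

Run against the sample, the script flags the crowdstrike.com.vc sender (twice: lookalike domain and themed archive) and the BBVA-themed event (link to the phishing host and themed archive), while the genuine falcon.crowdstrike.com notification and the unrelated branch report pass. The brand check is intentionally broad; tune the word list and swap the two-label domain heuristic for the Public Suffix List before using it on production mail flow.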

POSSIBLE SOLUTIONS.

The Africa Center for Digital Transformation [ACDT] strongly believes that safeguarding the cyber operations of financial institutions after the recent global IT outage affecting CrowdStrike and Microsoft requires a multi-faceted approach. In response to the outage of 19 July 2024, banks using CrowdStrike and Microsoft Azure security software can take the following measures to mitigate the impact and improve their resilience.

1. Activate Backup Systems and Redundancies:
   • Switch to backup servers and data centers if primary systems are affected.
   • Ensure that critical operations can continue using alternate systems or manual processes if necessary.

2. Implement Business Continuity Plans (BCP):
   • Activate predefined business continuity plans that include steps for maintaining operations during IT outages.
   • Ensure that all employees are aware of their roles and responsibilities during such incidents.

3. Enhance Communication:
   • Maintain clear communication channels with customers, informing them of the outage, its impact, and expected resolution times.
   • Use multiple communication methods (emails, SMS, social media) to keep customers updated.

4. Engage Incident Response Teams:
   • Deploy dedicated incident response teams to address the outage, identify the root cause, and implement remediation measures.
   • Coordinate with CrowdStrike and Microsoft support teams for timely resolution.

5. Monitor Systems and Security:
   • Continuously monitor IT systems for any anomalies or security threats that could arise during the outage.
   • Ensure that cybersecurity measures remain robust and operational to prevent exploitation by malicious actors.
   • Treat any unsolicited "hotfix" or recovery tool, whether delivered by email or via a website, as malicious until it has been verified through CrowdStrike's official support channels.

6. Conduct Post-Outage Analysis and Reporting:
   • Perform a thorough analysis of the outage to understand its cause and impact.
   • Prepare detailed reports for internal review and regulatory compliance, if necessary.

7. Customer Support and Assurance:
   • Provide additional customer support to handle inquiries and concerns related to the outage.
   • Reassure customers about the safety and security of their data and the measures taken to protect their interests.

8. Review and Update Contingency Plans:
   • Evaluate the effectiveness of current contingency plans and update them based on lessons learned from the outage.
   • Conduct regular drills and simulations to ensure readiness for future incidents.

9. Collaborate with Industry Partners:
   • Engage with industry partners and peers to share information about the outage and collaborate on best practices for managing such incidents.
   • Participate in industry forums to stay updated on the latest developments in IT resilience and cybersecurity.

10. Invest in IT Resilience:
   • Consider investing in additional IT resilience measures, such as more robust disaster recovery solutions and diversified cloud service providers.

The Africa Center for Digital Transformation [ACDT] believes that by taking these steps, banks in Ghana can mitigate the impact of the outage, maintain customer trust and improve their preparedness for future incidents.
