Financial institutions in French-speaking African countries have been targeted by cybercriminals for months. The hackers carried out their last attack in September 2022 and continue to pose a threat.

Researchers reported in November that a crew of French-speaking attackers, nicknamed “OPERA1ER”, had targeted financial institutions around the world, netting as much as over $30 million.

More recently, another cybercrime group, “Bluebottle,” reportedly targeted financial institutions in French-speaking Africa. Although it is difficult to link the two groups due to their different strategies, researchers have concluded that both actors may be the same.

Similarities between the two cybercrime groups include:

• the same set of tools
• lack of custom malware
• targeting industry- and region-specific domain names.

Researchers say the latest attacks may have been carried out with the help of phishing and spear-phishing. Some malicious files were executables disguised as PDFs and had French, non-threatening names, such as “job description.”

Cyberattacks on banks are on the rise

French-speaking parts of Africa are not the only ones dealing with cyber criminals. Financial institutions have become a target around the world. This industry is probably up to 300 times more vulnerable to attacks than any other.

Even now, European banks have to fend off attacks. In Denmark, both the central bank and private banks have been recently targeted by cybercriminals launching DDoS attacks to disrupt their services and render them useless to clients. The attacks were most likely the responsibility of pro-Russian hackers, who are also the cause of the country’s increased national threat level.

The Ukraine-Russia war has left its mark on financial institutions around the world. Pro-Russian cybercriminals are targeting banks in the U.S. and Europe, claiming to be fighting “neo-Nazis” who support Ukraine’s defense against unjustified invasion.

What are the biggest cyber threats in the financial industry?

Ransomware

Ransomware attacks account for a large portion of all cyberattacks initiated against financial institutions. Ransomware is a type of malware capable of encrypting important files so that they can no longer be used. Criminals using ransomware force their victims to pay them to recover data.

Social engineering

Those criminals who do not code or break into systems simply use humans. Workers in the financial industry are especially vulnerable to all kinds of scams. They can be tricked into revealing important data or letting the hacker into a closed system.

Attacks on suppliers

This is one of the most sophisticated and complex methods used by hackers. Instead of targeting institutions, they can target their software vendors and, for example, replace future updates with malware. This method allows hackers to profit from multiple organizations that happen to be their victim’s clients.

How can institutions protect themselves?

1. Limiting access to data. No organization should allow employers access to all of its confidential data. Each employee should only have access to the data necessary to perform their job. This limits the damage that can be done if the company is breached.
2. Constant threat monitoring. Banks do not sleep, and neither do hackers. It is important to perform threat monitoring and patch any loopholes immediately. Financial organizations can use professional software (firewalls, Intrusion Detection Systems) to monitor their networks.
3. Keeping in touch with partners. As stated earlier, software vendors and other partners can put organizations at risk. Financial institutions should frequently ask their providers and associates to assess their risks. This is especially important when it comes to software vendors responsible for solutions used by banks.
4. Staff training. In the age of social engineering attacks, it is crucial to know how to recognize and prevent them. Every employee who has access to confidential data should know how to use a VPN when working remotely (learn more), how to spot a phishing message, or what not to share on social media.
5. Backing up data. This sounds trivial, but some organizations do not care about backups. And as IT experts say, there are people who do backups and those who will start doing them. Copies of important files can be crucial when a ransomware attack occurs and everything is encrypted.

What about the clients?

Unfortunately, as their customer, you have little say regarding their security regarding banks and other financial institutions. You cannot control how they protect your data or what preventive measures they take.

You can, however, increase your online safety by deciding how to use financial services.

1. Use online banking wisely. If you want to secure your bank accounts, do not use them while connected to the web via unsafe public Wi-Fi. Hackers can infiltrate such networks, so wait until you can use a private, secure connection. If you have to use a public one – install a VPN to encrypt your data.
2. Shop smart. Some hackers create mirror sites of popular services (e.g., online stores) to trick people into using them instead of the real ones. Always make sure you are on an official, legitimate website when shopping. Check the address bar for typos and look for the padlock symbol to ensure the site uses a secure connection. Do not use links that were sent to you by unknown individuals.
3. Be aware of phishing scams. If someone has sent you an email saying that they need your sensitive data to check your account for potentially malicious activity – this is a scam. No bank employee will need your logins or passwords, so do not share them with anyone.
4. Use antivirus software. Some types of malware, e.g., keyloggers, can spy on you and steal your data by capturing your passwords, logins, etc. Hackers can later sell this information on the black market to access and clean out your bank accounts. Good antivirus software will protect you from files that could potentially hide malicious code.
5. Enable Multi-Factor Authentication. Enabling MFA wherever possible will keep your profiles and accounts more secure. To log in, you will have to use your credentials and an additional authentication method, like a single-use SMS code. This will keep your accounts safe, even if your laptop or phone is stolen.