GLOBAL SECURITY THREATS ALERT

1. Global Security Threat Alert – Windows 7 and older version security threats

The security intelligence from US National Security Agency (NSA) published on 5^th June 2019 revealed that various versions of old windows Operating Systems including Windows7 are highly susceptible to malware (Bluekeep) and ransomware attack. Hence Organizations across the globe are being warned and advised to urgently upgrade to more recent secure OS.

We recommend that concerned stakeholders that manages the organization’s IT infrastructures, computers systems especially servers and Automated Teller Machines (ATMs) should ensure that they are upgraded to a more recent compatible and secured version. The required security patches and antivirus updates are applied on all Windows Operating System accordingly.

2. Security Advisory – Threat Intelligence Keyboard Smash Testing Scheme

Threat intelligence has identified a common criminal scheme affecting North American acquirers and merchants recently. According to Visa Payment Fraud Disruption (PFD), this scheme has been operational since January 2019 and involves testing activity using numerous Card Acceptor IDs (CAIDS) —– Please see the detail in the attached CBN circular dated June 6, 2019.

3. Global security intelligence/threat updates revealed that;
   1. 5,432 cards were stolen between 20th May 2019 and 26th May 2019 from various financial institutions across the globe including Alpha, Arizona, American Express, Bankcomer, Banco, Bradesco,  Bank of America, Bank of Scotland, Barclays, Chase, Citi, Capital One, DBS, Gold, HSBC, ITAU, Metabank, Santander, Unicred, Wells Fargo etc.

4. 2. 9,093 cards were stolen between 9th May 2019 and 13th May2019 from various financial institutions across the globe including Banco, Bradesco, Bank of America, ITAU, HSBC, American Express, Barclays, ABSA, Well Fargo, CHASE BANK USA, Unicred. Metabank, Citi etc.

 We recommend that all financial organizations should ensure that the card data environment (CDE) are monitored and protected against unauthorized access and transfer of data. They should adhere with the PCIDSS framework and secure the entire network from hacking and cyber-attack.