EQUITY BANK: THE CLANDESTINE BANK FOR HACKERS AND FRAUDSTERS


The recent fraud incident in which Sh1.5 billion was allegedly siphoned out of Equity Bank has raised serious concern about the bank’s internal controls and overall financial integrity. The theft, which occurred on July 10, 2024, has not only spotlighted vulnerabilities in the bank’s operations but also highlighted broader issues of security and trust among its clientele.

The fraudulent activity was detected by the bank’s internal control department, which noted a series of 47 suspicious withdrawals totalling Sh1.5 billion from the payroll account, whose funds are intended for employee salaries and benefits.

These funds were quickly transferred to multiple external accounts, raising red flags because the debits had no corresponding credits, as legitimate payroll transactions do. David Machiri, the manager of the salary processing unit, has been identified as a key figure in the fraud.

His credentials were reportedly used to authorise the transactions while he was on leave, leading to suspicions of collusion or gross negligence within the bank’s hierarchy. Following the discovery, the Directorate of Criminal Investigations (DCI) initiated an inquiry, which has since escalated because of the severity of the allegations and the armed abductions linked to the case.
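The two warning signs described above, a payroll debit with no corresponding salary credit and an approval made under the credentials of a manager who was on leave, are cheap to check automatically at the end of every payroll run. The following script is an added example written for this page, not Equity Bank’s code; the payroll register, the leave calendar, the account numbers, the amounts and the user names are all constructed, and the approver names are placeholders.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class PayrollDebit:
    ref: str
    amount: int        # shillings
    approver: str      # user whose credentials authorised the debit
    beneficiary: str   # destination account
    booked: date


# Constructed sample data: neither the accounts, amounts nor the user names
# come from the page or from the bank. The payroll register lists the only
# accounts a payroll debit may credit, with the net salary each one expects.
PAYROLL_REGISTER = {
    "1001-001": 120_000,
    "1001-002": 95_000,
    "1001-003": 250_000,
}

# HR leave calendar: approver -> inclusive (start, end) date ranges.
LEAVE_CALENDAR = {
    "payroll.mgr": [(date(2024, 7, 1), date(2024, 7, 14))],
}

DEBITS = [
    PayrollDebit("P-1", 120_000, "payroll.clerk", "1001-001", date(2024, 7, 10)),
    PayrollDebit("P-2", 95_000, "payroll.clerk", "1001-002", date(2024, 7, 10)),
    PayrollDebit("P-3", 250_000, "payroll.clerk", "1001-003", date(2024, 7, 10)),
    # External account, authorised with the credentials of a user on leave:
    # both the reconciliation and the HR cross-check should fire.
    PayrollDebit("P-4", 32_000_000, "payroll.mgr", "9988-7766", date(2024, 7, 10)),
    # Registered employee account, but far more than the registered salary.
    PayrollDebit("P-5", 1_500_000, "payroll.clerk", "1001-002", date(2024, 7, 11)),
]


def on_leave(calendar, user, day):
    return any(start <= day <= end for start, end in calendar.get(user, []))


def review_payroll_run(debits, register, calendar):
    """Return (ref, reason) findings for one payroll run.

    Every debit must reconcile against the single salary credit the register
    expects for its beneficiary; the approver must not be on leave on the
    booking date; and the run as a whole must not exceed the register total.
    """
    findings = []
    for d in debits:
        expected = register.get(d.beneficiary)
        if expected is None:
            findings.append((d.ref, "no corresponding salary credit: beneficiary not on payroll register"))
        elif d.amount != expected:
            findings.append((d.ref, f"amount {d.amount:,} does not match registered salary {expected:,}"))
        if on_leave(calendar, d.approver, d.booked):
            findings.append((d.ref, f"authorised with {d.approver}'s credentials while that user was on leave"))

    # A registered employee should be paid once per run, not twice.
    credits_per_account = Counter(d.beneficiary for d in debits)
    for account, n in credits_per_account.items():
        if n > 1 and account in register:
            findings.append((account, f"{n} payroll credits to one registered account in a single run"))

    run_total = sum(d.amount for d in debits)
    register_total = sum(register.values())
    if run_total > register_total:
        findings.append(("RUN", f"run total {run_total:,} exceeds register total {register_total:,}"))
    return findings


if __name__ == "__main__":
    for ref, reason in review_payroll_run(DEBITS, PAYROLL_REGISTER, LEAVE_CALENDAR):
        print(f"{ref}: {reason}")
```

The point of the leave-calendar check is that it needs no knowledge of the transaction itself: an approval stamped with the credentials of someone HR says is away is suspicious whatever the amount, and it is exactly the signal that the page says surfaced here only after the money had gone.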

The situation took a dramatic turn when Machiri and his father were reportedly abducted by armed individuals, further complicating the investigation. Witnesses described a coordinated attack involving multiple armed men, suggesting a level of organisation that raises questions about the motivation behind these actions, whether they are linked to the fraud investigation or to other undisclosed matters.

Machiri’s lawyer says that his arrest and subsequent disappearance raise serious concerns about his safety and the legality of his detention. The DCI has sought an arrest warrant against him, citing his failure to appear in court, while his lawyers claim he was unlawfully detained after being released on bond.

Many questions are being raised over the increasing number of fraud cases at Equity Bank, with the bank’s reputation as one of Kenya’s largest financial institutions at stake.

Whether the fraud incidents stem from internal cyber security vulnerabilities, inside jobs by employees or matters related to insurance claims, the bank’s stakeholders are now asking why the banking sector regulator, the Central Bank of Kenya, has not taken drastic measures against the bank.

It has to be remembered that this incident is not isolated: it follows another significant breach in April, when hackers siphoned Sh179 million out of the bank into 551 accounts within a week, further eroding customer confidence in the bank’s security measures.

Additionally, reports of over US$16 million lost to fraudulent activities related to stock loans and agent float financing in Uganda have compounded these concerns. Stakeholders, including customers and investors, are increasingly questioning the adequacy of Equity Bank’s financial systems and cyber security protocols.

The bank’s reputation as one of Kenya’s largest financial institutions is at stake, and the ongoing investigations are likely to have long-lasting effects on its operations and customer trust.

The unfolding events surrounding the Sh1.5 billion fraud at Equity Bank underscore critical vulnerabilities in the bank’s operational integrity and security frameworks. As investigations continue, the bank faces immense pressure to restore confidence among its stakeholders and to address the systemic issues that allowed such a significant breach to occur.

The outcomes of both the legal proceedings against Machiri and the broader DCI investigation will be pivotal in determining the future stability and reputation of Equity Bank in the Kenyan financial landscape. It also has to be noted that this latest heist comes only months after hackers stole Sh179 million through 551 Equity Bank accounts in just seven days in April, in a sophisticated attack involving the BIN (bank identification number) of the bank’s cards.

In a statement, the bank said that between April 9 and 15, 2024, Sh179,677,736 was fraudulently paid out of Equity Bank’s MasterCard general ledger (GL) account to 551 Equity accounts, and that Sh63,023,983 was sent to Safaricom M-Pesa and Sh39,047,344 to 11 other banks.

However, Equity Bank managed to block some of the stolen funds by locking the recipient accounts and working with Safaricom to trace the M-Pesa transactions. The hackers are suspected of having used a “BIN attack”: the attacker takes a known issuer prefix (the BIN, the first six to eight digits of a card number), keeps it fixed and guesses the remaining digits, expiry date and CVV by firing large numbers of small test authorisations at e-commerce sites, keeping the combinations that come back approved.
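Because every guess in a BIN attack has to be submitted as a real authorisation request, the issuer sees the attack in its own logs: a burst of different card numbers that share one BIN, hitting one merchant, almost all declined, with the occasional approval marking a card the attacker has just validated. The script below is an added example of that detection logic, not code from Equity Bank or from the page; the log format, the merchant names, the BINs and the card fragments are all constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed authorisation log lines (not real traffic). Card numbers are
# synthetic and, as a real log should, only the BIN and the last four digits
# are recorded. One merchant, shop-a, receives a burst of attempts that differ
# only in the digits after the BIN; the sixth one is approved.
AUTH_LOG = """\
2024-04-10T10:00:01Z merchant=shop-a bin=539900 last4=0001 exp=0126 result=DECLINED reason=INVALID_CARD
2024-04-10T10:00:03Z merchant=shop-a bin=539900 last4=0002 exp=0126 result=DECLINED reason=INVALID_CARD
2024-04-10T10:00:05Z merchant=shop-a bin=539900 last4=0003 exp=0126 result=DECLINED reason=INVALID_CARD
2024-04-10T10:00:07Z merchant=shop-a bin=539900 last4=0004 exp=0227 result=DECLINED reason=INVALID_CARD
2024-04-10T10:00:09Z merchant=shop-a bin=539900 last4=0005 exp=0227 result=DECLINED reason=INVALID_CARD
2024-04-10T10:00:11Z merchant=shop-a bin=539900 last4=0006 exp=0227 result=APPROVED
2024-04-10T10:02:00Z merchant=shop-b bin=539900 last4=4410 exp=0925 result=APPROVED
2024-04-10T10:05:30Z merchant=shop-b bin=539900 last4=8821 exp=1125 result=DECLINED reason=INSUFFICIENT_FUNDS
2024-04-10T10:06:00Z merchant=shop-a bin=412345 last4=7712 exp=0326 result=APPROVED
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) merchant=(?P<merchant>\S+) bin=(?P<bin>\d{6}) "
    r"last4=(?P<last4>\d{4}) exp=(?P<exp>\d{4}) result=(?P<result>\w+)"
)


def parse_auth_log(lines):
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the whole scan
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def detect_bin_enumeration(lines, window=timedelta(seconds=60),
                           min_cards=5, min_decline_ratio=0.8):
    """Flag (bin, merchant) pairs where many distinct card numbers sharing one
    BIN are tried within `window` and most are declined: the signature of an
    attacker enumerating the digits after the BIN."""
    by_key = defaultdict(list)
    for ev in parse_auth_log(lines):
        by_key[(ev["bin"], ev["merchant"])].append(ev)

    alerts = {}
    for key, events in by_key.items():
        events.sort(key=lambda e: e["ts"])
        start = 0
        for end, ev in enumerate(events):
            # Slide the window so it covers [ev.ts - window, ev.ts].
            while events[start]["ts"] < ev["ts"] - window:
                start += 1
            win = events[start:end + 1]
            cards = {(e["last4"], e["exp"]) for e in win}
            declined = sum(e["result"] == "DECLINED" for e in win)
            if len(cards) >= min_cards and declined / len(win) >= min_decline_ratio:
                alerts[key] = {
                    "attempts": len(win),
                    "distinct_cards": len(cards),
                    # Approvals inside the burst are the cards the attacker has
                    # just validated; those are the ones to block.
                    "validated_cards": sorted(e["last4"] for e in win
                                              if e["result"] == "APPROVED"),
                }
    return alerts


if __name__ == "__main__":
    for (bin_, merchant), info in detect_bin_enumeration(AUTH_LOG.splitlines()).items():
        print(f"BIN {bin_} at {merchant}: {info}")
```

Two details matter in practice. The key is the (BIN, merchant) pair rather than the merchant alone, because an attacker with one stolen card prefix tests it at whichever merchant performs the least friction-free authorisation, so the burst is concentrated on both. And the alert carries the approved cards in the burst, since blocking only the declined attempts leaves the attacker holding exactly the card details they were after.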

This was not an isolated incident; Equity Bank has a history of being targeted by cybercriminals. In 2021, nine members of a gang arrested in Rwanda in 2019, eight Kenyans and one Ugandan, were jailed there for hacking Equity Bank accounts.

The bank’s cyber security systems have been criticised as vulnerable, making it an easy target for sophisticated hacking tactics like BIN attacks. The latest Sh1.5 billion theft highlights the need for Equity to bolster its security measures to protect customer accounts from determined cybercriminals.

During the Sh179 million heist, the hackers were able to evade detection for an extended period by using sophisticated techniques to infiltrate Equity Bank’s systems and cover their tracks. They likely exploited unpatched vulnerabilities in the bank’s systems to gain initial access; once inside the network, they could deploy advanced tools to move laterally and infiltrate further.

It is suspected that the hackers used obfuscation techniques to disguise their malicious code and evade detection by antivirus and other security tools: renaming files, modifying code to lower detection rates, and using living-off-the-land (LOTL) tactics to blend in with legitimate processes.

The hackers created persistent footholds in Equity Bank’s systems to maintain access across restarts and reboots, including autorun entries and other methods that create stealthy backdoors for reinfecting the network.

Rather than using easily detectable malware, the hackers are suspected of having abused legitimate applications and processes to slip past security unnoticed.

Equity Bank’s security tools may have been focused more on prevention than on detection. Without robust endpoint monitoring and threat hunting capabilities, hackers can operate undetected for weeks or months before being discovered.

The sophistication of the attack highlights the need for Equity Bank to bolster its cyber security with advanced tools, better patching processes and a layered defence-in-depth strategy. Relying solely on prevention is no longer sufficient against determined hackers who specialise in evading detection.

The Equity Bank fraud cases in Uganda and Kenya are part of a larger pattern of cybercrime targeting the bank across the region. One notable incident occurred in Rwanda in 2019, where nine hackers, eight Kenyans and one Ugandan, were arrested and later jailed for hacking into Equity Bank Rwanda to steal millions of shillings. In October 2019, the Rwanda Investigation Bureau arrested 12 men: eight Kenyans, three Rwandans and one Ugandan.

The group was caught while attempting to hack into Equity Bank Rwanda’s systems to steal money from customer accounts. After a lengthy legal process that was delayed by Covid-19 restrictions, the nine foreign nationals were convicted in July 2021 on charges including unauthorised access to a computer system, theft, and forming a criminal association.

They were sentenced to eight years in prison and fined a total of 56.5 million Rwandan francs (approximately $55,600) to cover the bank’s losses and other expenses related to the crime.

The Kenyans convicted were Dedan Muchoki Muriuki, Samuel Wachira Nyuguto, Kinyua Erickson Macharia, Godfrey Gachiri Githinji, Eric Dickson Njagi Mutegi, Reuben Kirogothi Mwangi, Damaris Njeri Kamau and Steve Maina Wambugu. The Ugandan national was John Kibengo.

The hackers had been targeting Equity Bank branches across the region, working with insiders to identify accounts holding large deposits. They wrote scripts to transfer funds automatically from these accounts to local accomplices, who would then withdraw the cash.

In Rwanda, the gang attempted to break into accounts through Equity’s Eazzy banking platform, but their activities were intercepted by the bank and the authorities, who had been alerted to their operations, which included recruiting Rwandans to withdraw money from the compromised accounts.

The Rwanda convictions highlight the growing threat of cybercrime in the region, fuelled by rapid technological development.

Cases in Kenya involving millions of shillings have implicated some of the same individuals, showing the transnational nature of these criminal networks.

Experts have called for greater collaboration between regional states to curb these cross-border cybercrimes effectively. The Equity Bank incidents demonstrate the need for financial institutions to keep strengthening their cyber security measures to stay ahead of increasingly sophisticated hacking tactics. It is not clear why Equity Bank has not embraced artificial intelligence (AI) and machine learning (ML) security tools against zero-day threats, which exploit previously unknown vulnerabilities. Information technology security experts say AI and ML are the latest innovations for deterring hacking and other IT vulnerabilities in the banking sector.

Some of the AI and ML strategies being deployed in the banking sector in developed countries include statistical pattern recognition, where ML algorithms capture and analyse the statistical characteristics of network traffic and system behaviour, enabling them to identify anomalies that may indicate a zero-day attack. This capability is crucial because traditional signature-based methods cannot detect attacks that have no known signature.

The second is adaptability: machine learning models evolve over time by learning from new data, which is essential for recognising new attack patterns as threats continue to evolve. Techniques such as unsupervised learning allow models to identify unusual patterns without labelled data, which is often unavailable for zero-day threats.

Diverse ML approaches, including supervised learning, unsupervised learning and transfer learning, have been applied to zero-day detection. For instance, auto-encoders and one-class SVMs have been used to detect anomalies in network traffic, achieving detection rates ranging from 75pc to 99pc in different studies.

Then there is zero-shot learning, where recent advances allow models to generalise from known attack classes to detect unseen attacks. This enhances the ability to recognise zero-day threats by leveraging semantic mappings of known attacks to infer the characteristics of unknown ones.

Another element is feature engineering: designing feature vectors that capture the essential characteristics of both benign and malicious behaviour requires significant domain knowledge, and poorly designed features lead to high false positive rates or missed detections.
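The statistical pattern recognition, unsupervised learning and feature engineering described in the preceding paragraphs can be illustrated without any ML library. The script below is an added example written for this page, not a tool from the page or from any bank: it learns a per-feature baseline from unlabelled authorisation records using the median and median absolute deviation (robust statistics that a few attacks hiding in the baseline cannot drag), then scores new records by how many robust “sigmas” their most unusual feature sits from that baseline. The feature vectors and the baseline rows are constructed, and the three features chosen are an assumption about what a card-not-present feed would expose.

```python
from statistics import mean, median

# Constructed, unlabelled baseline of feature vectors for card-not-present
# authorisations at one merchant (not real data). Each row is
# (amount in shillings, attempts from the same source IP in the last minute,
#  declines among that source's last 10 attempts). These features are an
# assumption about what an authorisation feed would expose.
BASELINE = [
    (1200, 1, 0), (850, 2, 1), (2400, 1, 0), (3100, 3, 0),
    (640, 1, 2), (1750, 2, 0), (990, 1, 1), (2200, 1, 0),
    (4100, 2, 0), (1500, 3, 1), (780, 1, 0), (2900, 2, 0),
]

MAD_TO_SIGMA = 1.4826     # median absolute deviation -> sigma for normal data
MEANAD_TO_SIGMA = 1.2533  # mean absolute deviation -> sigma for normal data


def fit_robust_scaler(rows):
    """Learn a (centre, scale) pair per feature from unlabelled rows.

    Median and MAD are used instead of mean and standard deviation so that
    a handful of attacks already present in the baseline do not pull the
    statistics toward themselves and mask later attacks of the same kind.
    """
    params = []
    for col in zip(*rows):
        centre = median(col)
        devs = [abs(x - centre) for x in col]
        scale = MAD_TO_SIGMA * median(devs)
        if scale == 0:  # more than half the values are identical (e.g. mostly zero)
            scale = MEANAD_TO_SIGMA * mean(devs)
        if scale == 0:  # feature is constant in the baseline
            scale = 1.0  # any deviation is then measured in raw units
        params.append((centre, scale))
    return params


def anomaly_score(params, row):
    """Largest robust z-score across features: how far, in sigmas, the most
    unusual feature of this row is from the learned baseline."""
    return max(abs(x - c) / s for x, (c, s) in zip(row, params))


def flag_anomalies(params, rows, threshold=5.0):
    """Return (row, score) for every row scoring above the threshold."""
    flagged = []
    for row in rows:
        score = anomaly_score(params, row)
        if score > threshold:
            flagged.append((row, round(score, 1)))
    return flagged


def main():
    params = fit_robust_scaler(BASELINE)
    incoming = [
        (1800, 2, 1),       # ordinary purchase
        (100, 40, 9),       # many tiny test authorisations, mostly declined
        (2_000_000, 1, 0),  # single huge amount
        (3000, 3, 0),       # busy but plausible
    ]
    for row, score in flag_anomalies(params, incoming):
        print(f"anomalous {row}: score {score}")


if __name__ == "__main__":
    main()
```

Two of the page’s caveats show up directly in this code. The declines feature is zero for most of the baseline, so its MAD collapses to zero and the scaler has to fall back to a second estimate; a feature whose scale is mis-estimated is exactly how poorly engineered features produce floods of false positives. And the score is an unsupervised distance, not a verdict: the threshold is a tuning decision that has to be evaluated against real traffic, which is the standardised-dataset problem the closing paragraphs raise.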

It has to be emphasised that AI and ML technologies are effective tools for detecting zero-day threats, offering advanced capabilities that traditional methods lack. However, their effectiveness is hampered by challenges related to data availability, feature engineering and evaluation methods.

Continued research and development are necessary to improve the robustness and reliability of ML-based detection systems, including creating standardised datasets for training and evaluation, which will enhance their application in real-world cyber security scenarios.
