Mexico cenbank reveals details of April cyberattack
A massive cyberattack in April against several Mexican financial institutions never put account holders' money at risk, as it targeted the banks' centralized interbank transfer accounts. But the attackers had deep knowledge and access to the banks, a report by the country's central bank revealed.
In late April several Mexican banks were hit by cyberattacks that exploited vulnerabilities in the country's electronic interbank money transfer system (SPEI), allowing criminals to abscond with the equivalent of US$15mn. The attacks exposed the local financial system's lack of preparedness for cybercrime, with even the central bank rushing to create a cybersecurity unit in its aftermath.
Central bank governor Alejandro Díaz de León said during a press conference on Wednesday that a forensic report published this week on the event showed "certain common factors to the attack strategy."
"We are exposed at any moment, in any circumstance, to a cyberattack," he added, praising banks for not lowering their guard. Recently other financial institutions have been prey to phishing attacks.
The central bank, he said, has been taking action to improve corporate governance involvement at the bank level, as well as looking at how to ensure that virtual assets (such as cryptocurrencies) and the companies that offer them in the market do not "become a vehicle to facilitate cyberattacks."
The report suggested the possibility of an inside job. "The modus operandi ... required that the attackers had a deep knowledge of the technological infrastructure and the processes of the attacked institutions, as well as access to them," it said.
The attack consisted of three main parts. The first was the introduction of counterfeit transfer orders into the banks' flow; these orders did not originate from the clients' account management systems, which prevented them from being logged to the clients' accounts.
The money of account holders was never at risk because the orders only targeted transfers from the banks' own centralized transfer accounts designed to interact with the SPEI system.
Another element identified was the use of valid beneficiary accounts, with valid amounts, the report added. Mexicans transferring money to other banks have to register valid beneficiary accounts as well as the maximum amount of money allowed for each operation. The banks have the ID data of those beneficiaries on file, which could help with the forensic probe, it said.
Rafael Revert, CTO and co-founder of Panama-based Cyttek Group, recently told BNamericas that the cyberthieves created duplicate transactions on the SPEI that were then diverted to the personal accounts of around 140 to 160 collaborators, who would receive deposits of 99,000 pesos (US$5,300).
"The 'mules,' or account holders, are known. What is not known is whom they gave a percentage of the transaction to," says Revert, who believes a Mexican drug cartel may be behind the cybercrime.
Indeed, the central bank report says that the criminals wiped their digital fingerprints after the attacks. "This points to a professional attack which took advantage of vulnerabilities in the computer security of those institutions," it added.
The attack, the central bank said, was not directed at the core system of the SPEI transfer mechanism or any of its infrastructure, but at taking advantage of vulnerabilities within the banks, using the SPEI system's expeditious nature. "It was not intended to make the SPEI inoperable or to penetrate the central bank's defenses," it added.
Following the attack, and to mitigate the risks of further attacks on the SPEI, the central bank announced it will review interbank transfers of over 50,000 pesos, which before the attacks were processed in about five seconds.