Incident Of The Week: Hackers Tap Into Mexican Banks, Lift $15M



Dan Gunderman
05/18/2018

In the dynamic world of cyber security, breaches are both tightly guarded and, sadly, imminent.

Combing through data, market research and threat-defense efforts taken by enterprises can be a daunting task. Here at Cyber Security Hub, we both track the latest industry news and make it more navigable for the IT professional. CSHub coverage extends outwards – as it helps enterprises batten down their proverbial hatches.

In this edition of “Incident of the Week,” we examine a suspicious cyber-attack which reportedly siphoned 300 million pesos ($15.33 million) from five companies (three banks, a broker and a credit union) in Latin America’s second largest economy, Mexico.

‘Irregular Transactions’

On Wednesday, the nation’s central bank confirmed fraudulent transfers from the five institutions. According to Reuters, it’s unknown how much money the cyber-criminals were able to withdraw in cash.

Bank of Mexico Governor Alejandro Diaz de Leon said the “irregular transactions” amounted to the 300 million peso mark, in preliminary estimates. Some of it, however, could still be accessed by the thieves.


Diaz de Leon said authorities were investigating how the cyber-criminals carried out their heist, in which they leveraged bank connections to the payment system to create false orders. The affected companies have yet to be identified. Authorities are carrying out a full investigation to monitor, and close, vulnerabilities.


Imposing a Wait Period

In the immediate aftermath, the nation established a one-day waiting period on electronic transfers of over $2,500, according to reporting from the Associated Press. The bank issued a memo saying these institutions could pay out transfers for known customers, but imposed the wait period for others.

The domestic payment system, called SPEI (similar to SWIFT, which is responsible for trillions of dollars), has not been reported as compromised, meaning depositors’ funds are not in danger.


The cyber-crooks went on to withdraw sums from dozens of banks around the country following the transfers. Authorities were reportedly alerted to the possibility of a heist after transfers slowed down in late April. The bank then took two weeks to confirm an attack.

According to Reuters, Diaz de Leon said, “We are very conscious that this has affected users, and we are sorry about that and we are taking immediate actions to recover the speed of the system with full security.”

Security Ramp-Up

In the wake of this unfortunate raid on the central bank, the institution plans to create a new information security unit to monitor and issue guidelines.

The bank has reportedly had a cyber security unit since 2013, which found increased importance following the exorbitant Bangladeshi heist of 2016 – which saw that nation’s central bank hemorrhage $81 million.

The $80M Crime

Details of the 2016 cyber-assault in Bangladesh are equally staggering, as the thieves employed similar withdrawal tactics. According to Bank Info Security, attackers used malware to hack SWIFT software, allowing them to transfer money and clean up behind them.

The attacker(s) reportedly made 30 SWIFT requests on Feb. 5, 2016, with the SWIFT code. The aim: to transfer $1 billion from a bank’s account at the U.S. Federal Reserve in New York. Five transfers went through, and the attacker(s) lifted more than $80 million.
