Over the past five years cybercriminals have found a habit efficient, accelerated, and inexpensive to attract large sums of money that hit the financial sector in Latin America, including Mexico, even if it is more complex attacks that require more time.
"The Latin American and Mexican payment systems have become a new way for attackers to find that it is really easy to make fraudulent exploits of online services," says Miguel Ángel Mendoza, security researcher ESET Latin America, in an interview with El Financiero.
After eight years of entrepreneurship, "cybercrime" hit the nail through the vector an attack called "exploitation of vulnerabilities", by which they managed to exploit the failures of financial sector systems such as violations registered by the Mexican National Electronic Payments System (SPEI), carried out in Persistent Advanced Threat (APT) in Spanish. English).
On May 14, El Financiero published a report about the plundering of about 400 million pesos during the attacks in April, of which Banorte was the most affected bank of 150 million pesos.
"We've seen that cybeques are currently targeted and focused on removing money – these are complicated methods that will help them get higher figures faster than if they were implemented through phishing campaigns or denial-of-service attacks (other attack types), as results would be slower and smaller, .
In 2018, 92 percent of Latin American banking institutions suffered from online attacks, According to the United States Organization (OAS). Mexico, Uruguay, Chile and Ecuador are among the countries that have suffered the most before such violations. The total number of losses in the area is unknown.
In the case of Mexico, even if SPEI was not directly violated, cybercriminals damaged the infrastructure through which banks connect to the web system.
"It does not mean that there will always be such a thing, probably later they will find a way to do it." Fewer has been discovered so far how the operation is carried out either through the same institution's process, technical infrastructure or attack on the supply chain's supply chain, "he explained.
According to ESET studies, this is an unquestioned reality Vulnerabilities have become one of the key doorwayscybercriminals who know that The risk of detention is very low.