
Cyber Thieves Steal Millions from Mexican Banks

Another massive cyberattack ravaged Mexican banks earlier this year. The thieves created hundreds of false orders that wire-transferred funds to fake accounts and then immediately withdrew the money. Then these thieves sent hundreds of fake orders to move money to fake accounts in other banks. The complete extent of the cyber fraud remains unclear. Anonymous sources cited in the press put the stolen amount at between 300 million pesos and as much as 400 million pesos.

The SPEI® attack is similar in some ways to the SWIFT® attacks. The Society for Worldwide Interbank Financial Telecommunications (SWIFT) is basically a communication and messaging network for financial institutions. SWIFT transmits information and instructions through a standardized system of codes and is often used in support of business accounts. SPEI is a system developed and operated by Banco de México that provides similar services to both commercial and business customers to enable secure electronic funds transfers via the bank, the Internet, or mobile banking. Both systems allow money to be transferred quickly and electronically between bank deposit accounts. Depending on the amounts being transferred, each system has points of human intervention that are designed to re-verify the transaction above and beyond electronic authentication.

To execute this attack, the attackers had to penetrate the network and gather authentication credentials. It would seem they were resident in the network for some period of time and likely watched network transactions, approval authority, and more. This is a high-end attack that required expensive and sophisticated cyberattacker resources. Because this sort of attack takes so much time to plan and execute, it was most likely funded by organized crime as a targeted and directed attack. This is a full-time business for organized crime: they have funded a relentless and continual assault on financial institutions worldwide. Money transfer of large dollar amounts is the holy grail for them, almost the perfect and completely unattributable crime.

Cybersecurity strategies based on protecting the perimeter through sophisticated firewalls and endpoint defense alone are insufficient. Recent news shows us that despite such formidable defenses, cyberattackers are succeeding at an ever-increasing rate. Part of the problem with most financial institution networks is that they consider a user, once inside the network, to be trusted. That is, the user has continual and unfettered access to network resources and traffic, can move through the network laterally, and so on.

Banking systems can be protected by adding layers to the current cyberdefense strategy to deploy a Zero Trust environment. Zero Trust grants someone within the network no more privileges than someone outside of the network. Zero Trust technologies, such as two-factor authentication for the users, device authentication for the platforms, and the use of end-to-end “edge” encryption in all applications, will limit an internal user's ability to move through the internal networks and can make this sort of attack much more difficult, if not impossible, to execute. Further, if attackers gain access to a system’s data without correct authorization, the data will be useless to them because it is encrypted, and thus the attack will fail.

CipherCloud can help. We have experience serving and protecting the largest financial institutions in the world. Ask us how. Find out more.

*** This is a Security Bloggers Network syndicated blog from CipherCloud CASB+ Platform | Enterprise Cloud Security authored by CipherCloud. Read the original post at: https://www.ciphercloud.com/blog/cyber-thieves-steal-millions-from-mexican-banks
