Mexican Bank Hack Led To A Cash Flight

Uploaded on 2018-05-30 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

Several Mexican banks experienced large cash withdrawals in recent weeks after possible cyber attackers infiltrated some financial institutions, triggering unauthorised money transfers, the central bank said in an interview.

Banco de Mexico has zeroed in on five financial institutions whose external connection to the central bank’s electronic payment system was compromised, Lorenza Martinez, the central bank’s head of operations said. The vulnerability let money be illegally siphoned from “fake accounts” at those firms and led to several large cash withdrawals from other banks, she said.

The five banks and brokers are working with Mexico’s attorney general to determine whether organised criminals helped orchestrate a possible attack, but Banxico is not involved in those investigations, Martinez said. 

She declined to name the affected companies and said it’s too early to tell how many actors are behind the incidents. A representative for the attorney general didn’t immediately comment to a request made outside of normal business hours.
Recently the monetary authority asked some lenders to connect to its payment transfer network using a back-up scheme after a suspected cyber-attack disrupted some transfers. The measures have caused slowness in transfers for many consumers.

Now, more than 20 Mexican financial institutions have enacted back-up plans.

Clients at Citibanamex have reported that the lender’s ATM networks, credit and debit cards payments and online banking services are down, El Financiero reported Sunday. Citibanamex said in a statement to El Financiero that it’s working to restore services.

Grupo Financiero Banorte, Banco del Bajio SA and Banco del Ejercito were banks that had been directly targeted in the suspected cyber-attack. 

The payment system, known as the SPEI, was established in 2004 and lets users electronically transfer money between deposit accounts through a private, encrypted network operated by Mexico’s central bank.

While vulnerabilities were discovered at the end of April 2018, at least one bank experienced an incident as recently as early May, Martinez said. Some of the cash was withdrawn from accounts that had just recently been opened, she said.

The central bank is also probing whether the affected banks and brokerages were complying with security regulations and will ask banks to undergo more frequent stress tests in the future to ensure they can more quickly connect to the SPEI through its back-up network the next time there’s an attack.

Information-Management:

You Might Also Read:

Russian Hackers Steal $10M From Banks:

SWIFT Says Bank Cyber Attacks Are Here to Stay:

 

« Is The US Heading Toward A Cashless Economy Via Blockchain?
A Cyber Attack Could Cripple The UK »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Digital Forensics Inc (DFI)

Digital Forensics Inc (DFI)

Digital Forensics Inc. is a nationally recognized High Technology Forensic Investigations and Information System Security firm

Romanian Association for Information Security Assurance (RAISA)

Romanian Association for Information Security Assurance (RAISA)

RAISA promotes and supports information security activities and creates a community for the exchange of knowledge between specialists, academic and corporate environment in Romania.

IBLISS Digital Security

IBLISS Digital Security

How cyber-resilient is your business now? We help companies to continuously answer this never-ending C-level question.

RCMP National Cybercrime Coordination Unit (NC3)

RCMP National Cybercrime Coordination Unit (NC3)

As set out in the Government of Canada's National Cyber Security Strategy, the RCMP has established the National Cybercrime Coordination Unit (NC3).

Center for Cyber & Homeland Security (CCHS)

Center for Cyber & Homeland Security (CCHS)

The Center for Cyber and Homeland Security at Auburn University is a nonpartisan think tank that works to develop innovative strategies to address current and future threats to the United States.

Cyber Science

Cyber Science

Cyber Science is the flagship conference of C-MRiC, focusing on pioneering research and innovation in Cyber Situational Awareness, Social Media, Cyber Security and Cyber Incident Response.

Evanston Technology Partners (ETP)

Evanston Technology Partners (ETP)

ETP provides services and solutions to enable and transform businesses in the areas of cybersecurity, data protection, and efficient operations practices.

Aergo

Aergo

Aergo offers an easier and more proven way to adopt blockchain and transform your business while building on your existing IT and cloud assets.

KrCERT/CC

KrCERT/CC

KrCERT/CC is the National Computer Emergency Response Team in Korea.

Presidio Identity

Presidio Identity

Presidio Identity offers a digital-native approach that brings security, privacy, and simplicity to user authentication and digital interactions.

Druva

Druva

Druva is the industry’s leading SaaS platform for data resiliency, and the only vendor to ensure data protection across the most common data risks backed by a $10m guarantee.

Bluewave

Bluewave

Bluewave are a strategic IT advisory company that offers businesses a simple and comprehensive way to purchase information technology solutions.

LaScala

LaScala

LaScala is an IT Managed Services provider delivering technical, security, and compliance solutions with dedication, compassion, and agility.

Quotient

Quotient

Quotient builds digital experiences that empower and inspire the American people by understanding their needs, simplifying complex technical solutions and adapting to how they work, live and learn.

Verosint

Verosint

Verosint (formerly 443ID) provides real-time account fraud prevention that reveals fraudsters hiding in user accounts and proactively blocks them before their attacks can cause harm.

Liverton Security

Liverton Security

Liverton Security is a New Zealand-owned cyber security provider offering consultancy and security-related products to government and commercial customers throughout New Zealand.