In the last five years, cyber criminals have found a way effective, accelerated and low cost to obtain large amounts of & # 39; money to attack the financial sector in Latin America, including Mexico, Including with regard to the execution of & # 39; more complex attacks that require more time.
"The systems & # 39; pay in Latin America and Mexico have become the new target & # 39; attackers to see that it's really easy to make fraudulent transactions derived from exploiting & # 39 ; vulnerabilities in & # 39; web service ", said Miguel Ángel Mendoza, laboratory security researcher at ESET Latin America, f & # 39; interview to El Financiero.
After eight years of & # 39; attempts, the "cyber criminal" hitting the nail through the vector of & # 39; attack called exploitation & # 39; vulnerabilities, Which managed to take advantage of the failures in the financial sector systems, such as violations recorded in respect of the Interbank System & # 39; Payment Electronic (SPEI) in Mexico carried out by groups b & # 39; features & # 39; Advanced Persistent Threat (APT, for its acronym in Spanish). The English)
El Financiero published on 14 & # 39; May during the attacks perpetrated in & # 39; April there would be theft & # 39; about 400 million pesos, which Banorte was the most affected by bank & # 39; & # 39 amount, 150 million pesos.
"We have seen now the cybeques are targeted and focused on the extraction of money. These are complex methods of quickly gaining higher figures than if done by campaigns & # 39; phishing or techniques & # 39; Disclaimer & # 39; Service (DoS) (other types & # 39; attack), because the results are slower and lower ", explained the specialist.
In 2018, 92 percent & # 39; banking institutions in Latin America have suffered cyber attacks, According to data from the Organization & # 39; American States (OAS). Mexico, Uruguay, Chile and Ecuador are among the countries most affected before this type of & # 39; violations. The total number of & # 39; loss in the unknown region.
In the case of Mexico, although not directly SPEI broken, cyber attackers suffered damage to infrastructure whereby banks join web system.
"That does not mean it will always be so, probably later be able to find a way to do it. S & # 39; now, weaknesses in the way operations are carried out, or the same institution process have been identified, in technological infrastructure or by & # 39; attack on the supply chain service provider ", explained the researcher.
Reality can not be closed, according to ESET studies, is that vulnerabilities have become one of the main doors & # 39; accessfor cyber, knowing that – The risk of being arrested in the region is very low.