In the last five years, cyber criminals have found a way effective, accelerated and low cost to obtain large amounts of & # 39; money to attack the financial sector in Latin America, including Mexico, Including with regard to the execution of & # 39; more complex attacks that require more time.
"The systems & # 39; pay in Latin America and Mexico have become the new target & # 39; attackers to see that it's really easy to make fraudulent transactions derived from exploiting & # 39 ; vulnerabilities in & # 39; web service ", said Miguel Ángel Mendoza, laboratory security researcher at ESET Latin America, f & # 39; interview to El Financiero.
After eight years of & # 39; attempts, the "cyber criminal" hitting the nail through the vector of & # 39; attack called exploitation & # 39; vulnerabilities, Which managed to take advantage of the failures in the financial sector systems, such as violations recorded in respect of the Interbank System & # 39; Payment Electronic (SPEI) in Mexico carried out by groups b & # 39; features & # 39; Advanced Persistent Threat (APT, for its acronym in Spanish). The English)
El Financiero published on 14 & # 39; May during the attacks perpetrated in & # 39; April there would be theft & # 39; about 400 million pesos, which Banorte was the most affected by bank & # 39; & # 39 amount, 150 million pesos.
"We have seen now the cybeques are targeted and focused on the extraction of money. These are complex methods of quickly gaining higher figures than if done by campaigns & # 39; phishing or techniques & # 39; Disclaimer & # 39; Service (DoS) (other types & # 39; attack), because the results are slower and lower ", explained the specialist.
In 2018, 92 percent & # 39; banking institutions in Latin America have suffered cyber attacks, According to data from the Organization & # 39; American States (OAS). Mexico, Uruguay, Chile and Ecuador are among the countries most affected before this type of & # 39; violations. The total number of & # 39; loss in the unknown region.
In the case of Mexico, although not directly SPEI broken, cyber attackers suffered damage to infrastructure whereby banks join web system.
"That does not mean it will always be so, probably later be able to find a way to do it. S & # 39; now, weaknesses in the way operations are carried out, or the same institution process have been identified, in technological infrastructure or by & # 39; attack on the supply chain service provider ", explained the researcher.
Reality can not be closed, according to ESET studies, is that vulnerabilities have become one of the main doors & # 39; access for cyber, knowing that – The risk of being arrested in the region is very low.
In 2017, 14,700 were registered vulnerability, which had a maximum in the region and represent a historic double those reported in 2016, according CVE details.
The f the & # 39; & # 39 with this; this report, the attacks on the banking infrastructure is emerging as a trend that will increase by & # 39; & # 39 modes, sophisticated action, According to estimates by the World Economic Forum.
Why? Basically, Mexico and the rest of Latin America in both unprotected & # 39; terms & # 39; legislation as well & # 39; cybersecurity f & # 39; various digital sectors.
Therefore, it is necessary within the digital governance in the region is proposed:
effective legislative framework to cover the area, And on the other hand, banks are protected significant budgets in cybersecurity, Physical security, operations and controls & # 39; trust.
"Specifically, standardization is needed to achieve the same level & # 39; security of web infrastructure, processes and operations through & # 39; of & # 39; Cyber Security and & # 39; response teams Centers highly trained accidents ", said Mendoza.
Registration & # 39; these incidents in Europe has & # 39; down from implementing the General Regulation on Data Protection (GDPR).
"By the time this law, everyone was forced to create tools and change their notices of privacy incorporating measures implied all compliance. It required & # 39; GDPR & # 39; in Mexico to each bank knows how to respond. "
The extraordinary cybertacks seen already become common and represent one of the three biggest risks to global economy, Priority should therefore be part of the agenda of governments and banking institutions.