In the last five years they have found a way to cybercriminals efficient, accelerated and low cost, to obtain large amounts of money to attack the Latin American financial sector, including Mexico, even more complex attacks that require more time.
"Latin America and Mexico's payment system has become a new target for attackers to easily convert transaction fraud into exploitation of web services weaknesses," said Miguel Ángel Mendoza, security researcher at ESET Latin America's laboratory, in El Financiero.
After eight years, the "cybercriminals" nails hit the vector The attack is called exploitation of weaknesses, which made it possible to make use of the deficiencies in financial sector systems, such as the Electronic Payment System (SPEI), Mexico, registered violations, according to the characteristics of the Persistent Advanced Threat (APT). English).
El Financiero published on May 14 the robbery of around 400 million pesetas during the attacks in April, which resulted in the Banorte bank being the highest amount of $ 150 million.
"We have seen cybeques focused on targeting and extracting money. These complex methods achieve more complex methods, as phishing campaigns or Service Denial Techniques (DoC) techniques are more rapidly achieved, because the results will be slower and smaller." explained the specialist.
In 2018, The percentage of Latin American banking institutions suffered a hundred percent attacks, According to data from the Organization of American States (OAS). Mexico, Uruguay, Chile and Ecuador are among the most affected countries before this type of violation. The number of loss of the region is unknown.
In the case of Mexico, even though SPEI was not violated directly, cyber attackers were damaged by this infrastructure, by connecting the banks to the web system.
"This does not mean that this will always be, they will probably find a way later. Until now, crafts have been identified in how operations are carried out through the same institutional process, through a technological infrastructure or through a supply chain of the service provider," he explains. researchers
This is a magnificent reality, according to ESET studies weaknesses have become one of the main access pointsThose who use cybercrime know this The risk in the region is very small.