Content, Breach

Five Mexican Banks, Financial Groups Hit by Cyber Crooks, Millions of Pesos Stolen


Five Mexican financial institutions have lost as much as $20 million in bogus money transfers that appears to be the work of cyber gangsters.

The crooks reportedly sent hundreds of fake orders to funnel 300 million to 400 million pesos ($15 million to $20 million) to fraudulent accounts in other banks, sources told Reuters, and subsequently drained those accounts via cash withdrawals. The heists don’t appear to mirror the cyber attacks on the SWIFT messaging system that have targeted a number of banks and financial institutions worldwide. Mexico’s 14-year old SPEI interbank transfer system, the country’s equivalent to SWIFT, has not been directly affected, Lorenza Martinez, head of the Bank of Mexico's (Banxico) payment system, told Reuters.

SPEI, which is administered by the central bank, enables electronic transfers of funds via a private, encrypted network.

As is becoming the modus operandi used by cyber gangsters to infiltrate high stakes targets, it is software developed by third-party providers to connect to SPEI that seems to be the door opener here, Martinez apparently said. She stopped short of characterizing the incidents as cyber attacks. "At this time, we cannot reject any hypothesis," she reportedly said. "It was something done on purpose, but how it was done, we are in the process of finding out."

The flaws were discovered about two weeks ago, reports said. There’s some suspicion concerning whether or not the affected banks and financial institutions adhered to the proper security lockdowns. And, owing to the unusually large amounts of the transfers, there’s some questions if insiders helped the robbers.

Because the funds transfers hit accounts of financial institutions in the central bank, no customers were victimized. The central bank evidently has identified five undisclosed Mexican financial institutions whose third-party connection to the SPEI system was compromised by a software vulnerability that was exploited in the caper, Bloomberg reported. Those five financial organizations are collaborating with Mexico’s attorney general to investigate who's behind the burglaries, including the possibility of cyber gangsters or other forms of organized crime. Banxico is not involved in the investigation, Martinez told Bloomberg.

Grupo Financiero Banorte, Banco del Bajio SA and Banco del Ejercito are banks that had been directly targeted in the suspected cyber attack, an earlier Bloomberg report said. Clients at Citibanamex have reported that the lender’s ATM networks, credit and debit cards payments and online banking services are down, according to an El Financiero report on Sunday, Bloomberg said.

Two weeks ago, Banxico asked some bankers and financial institutions to enact backup plans to connect to the SPEI network following a cyber attack that interfered with some banking transfers. Some 20 Mexican financial organizations have now built back up systems, the report said.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.