Cyberattack to banks: challenges posed by cybersecurity

Towards the end of last April it came to light that Mexico’s financial system had been the victim of a cyberattack in which cybercriminals stole a figure close to 300 million pesos. In relation to this cyberattack, ESET, leader in proactive threat detection, analyzed some questions that left the incident and other issues that serve to understand what are some of the challenges in the short and long term to address the issue of cybersecurity.

“There is no doubt that the attacks on the banks are increasing, albeit under different modalities. The first recorded attacks focused on denial-of-service (DoS) techniques aimed at leaving institutions out of business, but then focused on the use of malicious code, along with other tools, on the infrastructure Technology to carry out cyber thefts; Including ATMs that can be compromised for the extraction of money, ” Miguel Ángel Mendoza, specialist in computer security of ESET Latin America, mentioned.

At the beginning, the Bank of Mexico’s interbank Electronic Payment system (SPEI) began to report some degradations in the interbank transfer service. As the investigation advanced, it was publicly known that it was the result of a cyberattack and that the attackers managed to make unauthorized transfers to accounts created for this purpose and accounts of legitimate users.

Later, in a complex network of participants, some of these funds would have been extracted in different locations through ATMs or windows. Sources such as the financier revealed that the attackers contacted legitimate account users to transfer some of the stolen money and also to contribute to the process of withdrawing the money, in exchange for a payment for their participation.

“It is difficult to quantify the costs of a cyberattack for some financial institution, since the impact is not only economic, but also involved other elements that hinder weighting, such as damage to the image and reputation of organizations, Loss of trust in the institution and even the loss of potential customers. Therefore, the cost of a cyberattack for an institution could represent a rather greater figure than the amount extracted by the attackers “, Explained Mendoza.

“If we wanted to see the positive side of these kinds of incidents, we could indicate that they contribute to highlight the relevance of cybersecurity in these times and the importance of addressing the issue from different perspectives, since it is not only Technological issues, “concluded Miguel Ángel Mendoza.