Three Mexican Banks Targeted in Attempted Cyberattack

Cyberattack eye with matrix looks at viewer concept.

Three Mexico-based banks were the latest victims of an attempted cyberattack which aimed to gain access to the nation’s electronic payments systems.

Unknown hackers attempted to breach the electronic payment systems in Mexico, an action that forced three major financial institutions to endorse contingency plans.

According to a statement released by Banco de Mexico, three banks had reported experiencing “incidents” particularly when operating the Mexico Interbank Electronic Transfer System (SPEI).

The notice further went on to outline that following this, the affected banks, through contingency plans, are expected to link with the Mexico Central Bank network immediately, a move which could result in money transfer delays.

However, the statement also noted that neither the “client money” nor the SPEI infrastructure of the Central Bank was compromised.

In particular, the Grupo Financiero Banorte was singled out as having experienced an occurrence with a transitional process of the primary system, which it uses to link to the money-transfer network of the Central Bank.

The bank, however, through a tweet, later confirmed that they had reestablished the service. What they did not address nonetheless, is whether the bank was a victim of a cyberattack.

Banks Now a Hot Target for Cyberattacks

Based on the number of incidents reported over the last few months, one cannot help but notice the growing frequency of cyberattacks specifically targeting banks.

This latest attack on Mexican banks comes just a few months after hackers breached Bancomext (an export bank run by the Mexican government) at the beginning of the year and tried to get away with funds. As a result, the lender decided to suspend all international operations.

In their official statement, Bancomext (also referred to as The National Bank of Foreign Trade) confirmed that despite putting in place stringent security measures, it nevertheless fell prey to a breach initiated by an unknown third party targeting its global payment platform.

Luckily for Bancomext, the export bank was able to contain the incident, although it took the intervention of both its protocol as well as the local authorities, Banxico included.

Alternative Network

After the attack, the Mexico Central Bank requested that Banco Del Bajio SA use an alternative network to link to the SPEI network.

Luckily, as one spokesman confirmed, neither the client funds nor payment transfer system of the lender was affected or failed. Furthermore, according to the Mexico Ministry of Finance, there were no issues reported by government banks.

The SPEI System

cyberattack alert stencil print on the grunge brick wall with gradient effect

Unknown hackers attempted to breach the electronic payment systems in Mexico, an action that forced three major financial institutions to endorse contingency plans.

The Interbanking Electronic Payment System (SPEI) first made its debut in 2014. It allows the electronic transfer of money between deposit accounts via a reserved, encrypted network which is run by the Central Bank of Mexico.

Last October, Banco de Mexico released a report warning the public of the numerous perils of cyberattacks. The report outlined that it is possible that the dangers could comprise systemic attacks targeting financial systems, a reality acknowledged even by the regulators.

In extension, the report also highlighted on the vital role authorities play in ensuring the solidity of the financial systems is conserved after such attacks occur.

Banxico outlined that authorities play an integral part when considering the shortage of comprehensive and adequate information on such types of attacks, especially where financial institutions are the primary victims.

This is mostly because such institutions may choose to withhold this information to salvage, preserve and prevent their reputation (with their clients) from permanent damage.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.