Threat Management, Vulnerability Management

Third-party software vulnerability results in Mexican bank heist scoring millions

Mexican authorities are investigating suspect a bank hack that siphoned hundreds of millions of pesos out of at least five banks.

A vulnerability in software developed by a third party and used to connect payment systems is suspected to have been compromised allowing the money to be illegally siphoned from “fake accounts”, Banxico, Mexico's central bank, Head of Operations Lorenza Martinez told Reuters.

Threat actors sent hundreds of false orders to the money around in amounts ranging from tens of thousands to hundreds of thousands of pesos from various banks to accounts that were then emptied in cash withdrawals from dozens of branch offices.

One source told publication the thieves made off with more than 300 million persons or $15.4 million while others have reported as much as 400 million pesos may have been stolen.

Authorities are still investigating whether or not the attackers have help from inside the bank.

“The successful attacks on Mexican banks represent an enormous failure of third-party risk management,” CyberGRX Chief Information Officer Fred Kneip told SC Media. “As the SWIFT Network learned after an attack on a member bank led to a costly breach, it only takes one vulnerability for attackers to gain access to your network and ride in on a trusted connection.”

Kneip went on to say that cybercriminals are increasingly targeting third parties – suppliers, contractors, vendors and, in this case, a software provider used by the central bank's SPEI interbank transfer system – to breach high-value networks. 

In order to effectively mitigate the persistent and potentially damaging threats posed by attackers institutions must collaborate and share information at all levels. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.