We are very conscious that this has affected users, and we are sorry about that and we are taking immediate actions to recover the speed of the system with full security.The bank governor has declined to name the banks that have been hit, but media reports have claimed that Mexico's second-largest bank, Banorte, was affected. For now, mystery surrounds precisely how the hackers managed to drain the banks of such a substantial amount of money. Lorenza Martinez is the head of operations at the Bank of Mexico (Banxico for short). Martinez told Reuters that the central bank's SPEI interbank transfer system - similar to SWIFT used elsewhere in the world - was not compromised but pointed the finger of blame at third-party software which connected to the payment system. https://www.youtube.com/watch?v=jLx-5iVB0tg In an advisory published on Banxico's website, financial institutions using SPEI are told to implement additional controls to increase their chances of detecting irregular transfers and verify the integrity of their operations. That's good advice, as clearly more needs to be done to stop hackers from fraudulently stealing funds from bank systems. Not only are there understandable concerns about the huge amount of money involved in such heists, but harm is also being done to the general public’s trust in the banking system if there continue to be headlines of security failures. Organized criminal gangs have taken advantage of SWIFT to steal large amounts of money. Banks have been targeted with bespoke malware that exploits the SWIFT system, as in the case of Bangladesh Bank where criminals successfully made off with $81 million. And last year a hacking gang abused the SWIFT banking network to steal $60 million after planting malware on a Taiwanese bank’s servers. In the opinion of Bank of Mexico Governor Alejandro Diaz de Leon, some Mexican financial institutions may have fallen foul of lax security:
Perhaps, some financial institutions perceived the attacks in Bangladesh as something very distant. But criminals look for vulnerability and once they see it they are going to exploit it.Whether you're a bank or not, a small business or a home user, I think that last sentence is a truth that we can all agree upon.