Hackers have siphoned hundreds of millions of pesos out of at least 5 Mexican banks in a coordinated cyber-attack.
The cyber criminals carried out the brazen attack by creating phantom orders that wired funds to fake accounts, which were promptly emptied and drained of any cash.
The criminals sent hundreds of false orders to move amounts ranging from tens of thousands, to hundreds of thousands of pesos from banks, including Banorte, to fake accounts in other banks. It is reported that the thieves transferred more than 300 million pesos (USD $15.4 million), although some sources claim it could be as much as 400 million.
It is suspected that the hackers exploited a vulnerability in the software developed by a third party, used to connect payment systems. By gaining access to the network, the criminals have been able to fraudulently transfer funds to bogus accounts.
Mexico’s electronic banking system SPEI, is similar to the SWIFT Global messaging system that moves trillions of dollars around the world each day. Hackers have used SWIFT connections in the past to launch targeted attacks at banks throughout the world.
As a result of the hack, Mexico’s central bank announced it is creating a dedicated cybersecurity unit. The new unit will design and issue guidelines on Information security to prevent further attacks on the country’s banking system.