News broke this week that, following a cyberattack, hackers were able to siphon hundreds of millions of pesos (about $15.4 million) from a number of Mexican banks, including No. 2 Banorte and others that are yet to be named. The criminals created fake orders that wired funds to bogus accounts, then immediately withdrew the cash. The incidents are still being investigated. Jeannie Warner, Security Manager at WhiteHat Security, commented below.
“SMBs, like smaller banks, and emerging markets have immature security processes and insufficient expertise. Outsourcing many security checks and tests makes more sense than trying to hire and retain expert security talent. Here in the heart of the Silicon Valley, it is inexcusable not to have default passwords, up-to-date patches, and multi-factor authentication for logins to financial systems because we’ve been attacked for years, and we have a lot of security talent at our fingertips. Emerging markets are a softer target, but their money spends just as well to thieves.
While financial regulators may not have paid close attention, there is also a failing in calling out how to secure third-party apps and APIs. Most of the regulations focus on securing networks, with applications left something of a black box. Only PCI DSS calls out specific checks for applications, and I am unconvinced that rigor is applied to every single component of the financial system, especially third-party plugins for bill payment systems.”
Cyber Attack News – Mexican Banks Hacked