https://arstechnica.com/information-technology/2019/03/how-hackers-pulled-of-a-20-million-bank-heist/
By Lily Hay Newman
Wired.com
3/17/2019
In January 2018 a group of hackers, now thought to be working for the North
Korean state-sponsored group Lazarus, attempted to steal $110 million from the
Mexican commercial bank Bancomext. That effort failed. But just a few months
later, a smaller yet still elaborate series of attacks allowed hackers to
siphon off 300 to 400 million pesos, or roughly $15 to $20 million from Mexican
banks. Here's how they did it.
At the RSA security conference in San Francisco last Friday, penetration tester
and security advisor Josu Loza, who was an incident responder in the wake of
the April attacks, presented findings on how hackers executed the heists both
digitally and on the ground around Mexico. The hackers' affiliation remains
publicly unknown. Loza emphasizes that while the attacks likely required
extensive expertise and planning over months, or even years, they were enabled
by sloppy and insecure network architecture within the Mexican financial
system, and security oversights in SPEI, Mexico's domestic money transfer
platform run by central bank Banco de México, also known as Banxico.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
