Cyberattacks on Users and Financial Institutions Surge in Mexico: Lack of Strict Cybercrime Laws Fuels Impunity and Growth

Web Editor

May 3, 2025


Attacks on Financial Institutions

In 2024, the Mexican financial sector faced a concerning scenario: four banking institutions were victims of cyberattacks, with estimated losses amounting to 483.85 million pesos, marking a 443% increase from 2023 when damages totaled 89.08 million pesos.

Fabio Assolini, Director of the Global Research and Analysis Team at Kaspersky in Latin America, stated that while the financial sector is one of the most digitized and most advanced in cybersecurity, it is also the most targeted due to its nature.

“Banks invest in detection, protection, and authentication tools, but cybercriminals are relentless. They constantly seek vulnerabilities or new technologies to commit fraud,” he said in an interview.

Attacks on Institutions

While users are targeted by mass techniques, banks face more complex threats. Assolini mentioned the Lazarus Group, active since 2016, which initially attacked the SWIFT network (used for international transfers) and stole millions of dollars in Asia and Latin America. The group's approach has since evolved into three strategies:

  1. Attacks on cryptocurrency companies: They shifted their focus to exchanges and fintech.
  2. Supply chain: They infect software used by banks (like accounting systems) to infiltrate their networks.

International collaboration is crucial. Assolini cited the Grandoreiro case, where Interpol, along with Spanish and Brazilian police, managed to arrest parts of the gang. However, “these criminals operate from other countries, making their capture difficult,” Assolini warned.

Attacks on Users

Among the most commonly used methods against users are:

  • Banking Trojans: Malware that installs on devices and steals credentials when accessing banking apps or websites.
  • Social engineering: Fake emails, SMS, or calls impersonating banking or government entities (like the SAT) to create urgency or fear, leading victims to download malicious files.
  • Deceptive ads: Campaigns on Google or social media that redirect to fake websites.

A notable example is the Grandoreiro Trojan, which originated in Brazil but was adapted specifically for Mexico in 2024. This version included only 30 Mexican banks in its code and used local themes, like the CFDI (Digital Tax Invoice), to deceive victims.

Attribution and Punishment

One of the biggest challenges in Latin America is the lack of strict cybercrime laws.

“In Mexico and the region, penalties are minimal. A criminal can be arrested multiple times but serve little prison time,” Assolini said.

He compared this situation to the United States, where carders (experts in cloning cards) have received 30-year sentences.

This impunity, combined with the cross-border nature of cybercrime, encourages tech-savvy young individuals to engage in criminal activities.

“As long as there are no harsher laws, cybercrime will continue to grow,” he said.

Recommendations

For banks:

  • Adopt threat intelligence: confidential technical reports that alert on new attack techniques.
  • Monitor software providers to avoid supply chain breaches.

For users:

  • Use security solutions (antivirus, authentication tools).
  • Avoid clicking suspicious links in emails, SMS messages, or ads.
  • Download banking apps only from official stores.
  • Never share OTPs (one-time passwords).

For companies:

  • Designate exclusive devices for banking operations.
  • Train employees to identify phishing attempts.