![\"In](\"https:\/\/wp-assets.futurism.com\/2019\/03\/hackers-stole-20-million-mexican-bank-300x158.png\")
<\/div>Ocean’s Once<\/span><\/h2>In April 2018, hackers stole the equivalent of $15 million from Mexican banks<\/a> — and now we know how they probably did it.<\/p>Penetration tester and security advisor Josu Loza was one of the experts called in to respond to the April heist, and on March 8 he presented his findings<\/a> at the RSA Security conference in San Francisco.<\/p>Based on his analysis, Mexico’s central bank wasn’t doing nearly enough to protect its clients’ money — but other financial institutions could avoid the same fate if they’re willing to work together.<\/p>
Easy Money<\/h2>
On Friday, Wired<\/em> published a story<\/a> detailing the information Loza shared with the audience at RSA’s conference. Based on his assessment, the success of the heist was due to a combination of expert bank hackers willing to spend months planning their crime and a banking network rife with security holes.<\/p>During the presentation, Loza made the case that the hackers might have accessed the Banco de México’s internal servers from the public internet, or perhaps launched phishing attacks on bank executives or employees to gain access.<\/p>
Regardless of how they first got access, Loza said, the main problem was putting too many eggs in one security basket. Because many of the networks lacked adequate segmentation and access controls, he argued, a single breach could provide the bank hackers with extensive access.<\/p>
That enabled them to lay the groundwork to eventually make numerous money transfers in smaller amounts, perhaps $5,000 or so, to accounts under their control. They’d then pay hundreds of “cash mules” each a small sum — Loza estimated that $260 might be enough — to withdraw the money for them.<\/p>
Cyber Insecurity<\/h2>
The bank hackers are still at large, but the heist<\/a> appears to have served as a wake-up call for the Banco de México.<\/p>“From last year to today the focus has been implementing controls. Control, control, control,” Lazo said during his presentation, according to Wired<\/em>. “And I think the attacks aren’t happening today because of it.”<\/p>He also noted the need for companies to collaborate to defend against cyberattacks.<\/p>
“Mexican people need to start to work together. All the institutions need to cooperate more,” Loza said. “The main problem on cybersecurity is that we don’t share knowledge and information or talk about attacks enough. People don’t want to make details about incidents public.”<\/p>
READ MORE: <\/strong>HOW HACKERS PULLED OFF A $20 MILLION MEXICAN BANK HEIST<\/a> [Wired<\/em>]<\/p>More on hacking:<\/strong> Hacker Figures out How to Drain $1 Million in Cash From ATM<\/a><\/em><\/p>The post Here’s How Hackers Stole $15 Million From Mexican Banks<\/a> appeared first on Futurism<\/a>.<\/p>See the original post:
Here’s How Hackers Stole $15 Million From Mexican Banks<\/a><\/p>","protected":false},"excerpt":{"rendered":" Ocean\u2019s O nce In April 2018, hackers stole the equivalent of $15 million from Mexican banks \u2014 and now we know how they probably did it. Penetration tester and security advisor Josu Loza was one of the experts called in to respond to the April heist,\u00a0and\u00a0on March 8 he presented his findings at the RSA Security conference in\u00a0San Francisco. Based on his analysis, Mexico\u2019s central bank wasn\u2019t doing nearly enough to protect its clients\u2019 money \u2014 but other financial institutions could avoid the same fate if they\u2019re willing to work together Continue reading
Penetration tester and security advisor Josu Loza was one of the experts called in to respond to the April heist, and on March 8 he presented his findings<\/a> at the RSA Security conference in San Francisco.<\/p> Based on his analysis, Mexico’s central bank wasn’t doing nearly enough to protect its clients’ money — but other financial institutions could avoid the same fate if they’re willing to work together.<\/p> On Friday, Wired<\/em> published a story<\/a> detailing the information Loza shared with the audience at RSA’s conference. Based on his assessment, the success of the heist was due to a combination of expert bank hackers willing to spend months planning their crime and a banking network rife with security holes.<\/p> During the presentation, Loza made the case that the hackers might have accessed the Banco de México’s internal servers from the public internet, or perhaps launched phishing attacks on bank executives or employees to gain access.<\/p> Regardless of how they first got access, Loza said, the main problem was putting too many eggs in one security basket. Because many of the networks lacked adequate segmentation and access controls, he argued, a single breach could provide the bank hackers with extensive access.<\/p> That enabled them to lay the groundwork to eventually make numerous money transfers in smaller amounts, perhaps $5,000 or so, to accounts under their control. They’d then pay hundreds of “cash mules” each a small sum — Loza estimated that $260 might be enough — to withdraw the money for them.<\/p> The bank hackers are still at large, but the heist<\/a> appears to have served as a wake-up call for the Banco de México.<\/p> “From last year to today the focus has been implementing controls. Control, control, control,” Lazo said during his presentation, according to Wired<\/em>. “And I think the attacks aren’t happening today because of it.”<\/p> He also noted the need for companies to collaborate to defend against cyberattacks.<\/p> “Mexican people need to start to work together. All the institutions need to cooperate more,” Loza said. “The main problem on cybersecurity is that we don’t share knowledge and information or talk about attacks enough. People don’t want to make details about incidents public.”<\/p> READ MORE: <\/strong>HOW HACKERS PULLED OFF A $20 MILLION MEXICAN BANK HEIST<\/a> [Wired<\/em>]<\/p> More on hacking:<\/strong> Hacker Figures out How to Drain $1 Million in Cash From ATM<\/a><\/em><\/p> The post Here’s How Hackers Stole $15 Million From Mexican Banks<\/a> appeared first on Futurism<\/a>.<\/p> See the original post: Ocean\u2019s O nce In April 2018, hackers stole the equivalent of $15 million from Mexican banks \u2014 and now we know how they probably did it. Penetration tester and security advisor Josu Loza was one of the experts called in to respond to the April heist,\u00a0and\u00a0on March 8 he presented his findings at the RSA Security conference in\u00a0San Francisco. Based on his analysis, Mexico\u2019s central bank wasn\u2019t doing nearly enough to protect its clients\u2019 money \u2014 but other financial institutions could avoid the same fate if they\u2019re willing to work together Continue reading Easy Money<\/h2>
Cyber Insecurity<\/h2>
Here’s How Hackers Stole $15 Million From Mexican Banks<\/a><\/p>","protected":false},"excerpt":{"rendered":"