In 2018 a North Korean state-sponsored hacking group stole roughly $15-$20 million from Mexican banks says Josi Loza who presented his findings at the RSA Conference.
According to Wired:
Loza emphasizes that while the attacks likely required extensive expertise and planning over months, or even years, they were enabled by sloppy and insecure network architecture within the Mexican financial system and security oversights in SPEI, Mexico's domestic money transfer platform run by central bank Banco de México, also known as Banxico.
Thanks to security holes in the targeted bank systems, attackers could have accessed internal servers from the public internet or launched phishing attacks to compromise executives—or even regular employees—to gain a foothold. Many networks didn't have strong access controls, so hackers could get a lot of mileage out of compromised employee credentials. The networks also weren't well segmented, meaning intruders could use that initial access to penetrate deep into banks' connections to SPEI and, eventually, SPEI's transaction servers, or even its underlying code base.
The worst part about these attacks is information was not encrypted at rest, allowing attackers access to transaction data once they breached the network.
Hackers are getting more sophisticated and companies are not taking the necessary precautions to protect themselves from attacks.
Other important information to be aware of is the U.S. is the largest hacker target and the cybersecurity threat to business is worse than ever.
Hackers in fact, are reinvesting – spending 10 times more than enterprises to control, disrupt and steal!
Every company is a potential target and should use a phishing simulation tool which tests employees by sending safe phishing emails. When employees click, they are then presented with educational material which helps them learn what to avoid.
One alternative, Phish360 is so effective, it has achieved almost 100% click rate when used in various organizations.
The good news is the workers who click, can be quickly trained on what to avoid in the future.
Here are other areas all organizations looking to promote a cybersecurity culture need to focus on:
- Cybersecurity training must be done regularly.
- Auditing and documentation must be performed regularly to ensure systems are secure.
- Anomaly detection should be running constantly to detect threats as they emerge.
- Penetration testing shows if systems can easily be reached from the outside. Here is a case where this test might have saved two company’s’ reputations from being destroyed.
- Network forensics for when a breach eventually occurs. The bad guys always seem to get in eventually.
- An action plan to follow when a breach does occur. Once it happens, few will have the clear heads needed to “wing it” correctly. Equifax botched it’s response in what is being called a PR catastrophe.
To ensure your organization is safe – even if you have internal IT, hire an experienced MSP or MSSP like Apex Technology Services