Banking infrastructure around the globe has seen an increase in cyber attacks recently, with hackers in Mexico targeting the country’s payment transfer system and getting away with at least $15 million, and an attack on two major Canadian banks this week resulting in the theft of data from almost 90,000 customers.
In Mexico, this is the second wave of major attacks on the country’s banking system this year. The first spate of attacks, in January, targeted the Swift system at Bancomext. Later, it emerged that hackers, believed to be from North Korea, had tried to siphon off more than $110 million from the Mexican bank, forcing it to temporarily suspend its international payment platform operations.
The most recent spate of attacks in Mexico, in early May, targeted the country’s domestic payment transfer system, SPEI, getting away with at least $15 million. Authorities don’t know where the attacks originated and aren’t certain that they have ended yet.
On Monday, the Bank of Montreal and Canadian Imperial Bank of Commerce were both targeted by cyber attackers in what is believed to be the first significant assault on Canada’s banks.
Hackers are believed to have stolen the data of more than 90,000 customers and contacted both banks, threatening to make it public unless they received a $1 million ransom. In a statement on its website, Bank of Montreal said: “We are providing you with this update because we received a claim that fraudsters gained access to certain personal and financial information for some of our customers. We are calling each potentially-impacted customer to offer complimentary credit monitoring, replace cards, ensure all passwords get reset, and determine if there was any financial impact. Customers will not lose money from this incident, as we will fully reimburse our customers for any financial impact of unauthorized transactions.”
A spokesperson for BMO told Reuters that less than 50,000 of the bank’s eight million Canadian customers were hacked but declined to comment on whether any money was lost.
Canadian Imperial Bank of Commerce told Reuters that it had also been contacted by fraudsters on Sunday, claiming they had electronically stolen personal account information of 40,000 customers of its Simplii direct banking brand.
There have been increasing numbers of cyberattacks against banks and financial institutions, globally, in recent months.
In April, Bank Negara Malaysia (BNM) was targeted in a SWIFT related attack, similar to the one on Bancomext, and in January the top three banks in the Netherlands were targeted in rolling DDoS attacks.
In March, Swiss watchdog FINMA warned that cyberattacks were the biggest risk posed to the Swiss banking system.
Head of UK financial watchdog FCA Megan Butler announced last week that British banks now spend £5 billion a year combating financial crime as she urged financial institutions to invest in new technology to fight cyber criminals.
“Excessive risk aversion is not going to help us win an arms race that is so heavily rooted in automation,” Butler said. “We need to turn technology against criminals.”
The UK saw seven of its major banks forced to temporarily suspend operations after a major DDoS attack last year, instigated using software that could be rented for as little as £11.