During 2021, Banco de México (Banxico) reported 10 cyber incidents in the national financial system.
The main services affected were ATMs, internet banking and transfers in branches.
In January 2021, it reported three incidents: two attacks on ATMs of banking institutions, and a ransomware on servers and terminals of a credit institution.
The type of ransomware identified in the incident was: Revil, also known as Sodinokibi.
In February, two attacks were detected on ATMs of banking institutions.
In March 2021 there were also two, one on a bank’s ATM and the other was an attack on the fund transfer service from branches, a credit institution and its brokerage house.
Then in April another two attacks on ATMs.
And in June, an attack on the fund transfer service from branches, a credit institution and its brokerage house.
Regarding the cyber risks faced, Banxico highlighted that, although some continued to materialize, They did not lead to financial damage to the clients of the institutions, nor have they significantly impacted their processes and resources.
The foregoing, he explained, thanks to the fact that improvements in the incident response processes continue to be promoted.
In addition to the Central Bank validating the institutions ‘compliance with basic cybersecurity measures, it promoted actions to improve the institutions’ response capacities to cyber attacks.
He highlighted that a cyber-resilience exercise was carried out at the end of November, in which different types of cyberattacks were simulated that forced the participating institutions to apply their detection, containment and response protocols.
He reported that five multiple banking institutions of systemic relevance participated, in addition to the response teams of the Central Bank.