What are the most common cyber attacks in Mexico?

Cybersecurity is an issue that is increasingly taken seriously by companies around the world, which is why the firm Ernst & Young, better known as EY, opened its first CyberSOC or security center in Mexico. According to EY data, Mexico is the second country in Latin America to suffer more cyber attacks, only behind Brazil, and is one of the ten most attacked countries in the world.

To talk more about cybersecurity and the functions of EY's CyberSOC in Querétaro, MILENIO had the opportunity to attend the inauguration of the center and interview Juan Carlos García Caparrós, executive director of cybersecurity at EY, and Juan Ramírez, senior manager of the Forensics area.

What is a CyberSOC and what does it do?

CyberSOCs are cybersecurity operations centers that seek to support customers by telling them what measures to take or implement to combat cybercrime threats, but also help operate those same strategies. Juan Carlos explained that "it is a project that we started to devise three years ago. The consulting we gave at EY was not enough, because we only did an analysis of their cybersecurity programs, what gaps they had and gave them a list of things they had to do, but up to that point we realized that it was not enough".

The director of cybersecurity added that CyberSOC "covers the entire cybersecurity management of a customer. We broke it down into five things: protection, monitoring, detection, response, and resolution. However, the technology aspect is not the only thing that EY covers with its cybersecurity center. Juan Ramírez pointed out that "incidents classified as critical have many implications, whether technological, legal, communication, reputation, or regulatory, so in this situation, at CyberSOC we can provide consulting services to deal with all aspects of the problem, not just the technological part".

Why is it important to have a CyberSOC in Mexico?

"Cybercrime has become the most profitable organized crime of all, growing every year. In 2015, for example, it was estimated that cybercrime represented 125 billion dollars, but in 2019 it was 600 billion dollars," he said.

Juan Carlos. On the other hand, they mentioned that nowadays, cyber-criminals are very well organized and prepared, since they generate new strategies to be able to steal your identity, money, disrupt operations, and damage reputations.

Why did they choose Querétaro?

"Querétaro today is a technological hub. The state has invested for several years to bring this type of technology. In addition, it is a much safer area than Mexico City in terms of violence and it represents less risk of natural disasters, and there is a great development of universities," Juan Carlos emphasized.

What are the most frequent cybersecurity threats?

The experts mentioned that among the most frequent threats in Latin America are attacks on people through phishing, malware, and ransomware. "The objectives of a cyber attack can be different, they normally seek the extraction of valuable resources, which are not only monetary, since they are also data, intellectual property, disruption in their operation, affecting their suppliers and supply lines," explained Juan Ramírez. Finally, Juan Carlos mentioned that "there are already attacks from nations to nations, it is already a cyberwar because they can be used as weapons, attacking water or energy supplies, and influencing elections.

Mexico is not prepared to stop a cyberattack, says Harvard professor

According to Israel Reyes, a professor at Harvard, cybercrime costs more than one trillion dollars worldwide. Nowadays, cyber-attacks are the biggest threat facing the business world before terrorism, asset bubbles, and other risks. We have a digital world, a technological revolution that is changing society in its way of living and behaving. And an attack on a network of processing or communications could cause damages of 50 billion to 120 billion dollars.

A much broader and more debilitating attack is not exaggerated. Late last year, the Federal Bureau of Investigation (FBI) issued a warning to banks about a large-scale pending attack known as a "cash withdrawal" strike of ATMs, in which waves of fraudulent withdrawals are synchronized, Bank accounts would be exhausted, says global consultant Israel Reyes Gómez.

Professor at Harvard, Master in Applied Mathematics, specialist, with more than 20 years of experience, with work in the subject in the United States, the Russian Federation, China, Australia, and New Zealand, Reyes Gómez recalls in an interview with the Editorial Organization Mexicana, that since the forced bankruptcy of investment bank Lehman Brothers, which triggered the financial crisis a decade ago, regulators, risk managers and central bankers around the world, focus on bolstering the ability of banking institutions to resist the financial crises.

But, he clarifies, the next crisis may not come at all from a financial shock. Most likely, it is a cyber attack that would cause disruptions in the capabilities of financial services, especially payment systems around the world, he says. He notes that cybercriminals have always looked for ways to infiltrate financial technology systems. Now, the financial system faces the additional risk of becoming collateral damage, a broader attack on the structure, on the critical national infrastructure.

And he says: "An attack of this kind could shake the confidence in the global system of financial services, causing banks, companies, and consumers to be blocked, confused or frightened. This could have a mega negative impact on economic activity. "

With his work experience in major global corporations such as IBM, Hewlett-Packard, and Fujitsu, this mathematician argues that cybercrime costs nations more than a trillion dollars worldwide, much more than the 300 billion dollars that caused natural disasters in 2017, and that was a record number, "according to a recent analysis conducted by our company."

In recent July, he explains, it was revealed that hackers working for Russia had easily penetrated the control rooms of US power companies and could have caused blackouts.

How could a financial crisis unleashed by a cyber attack develop?

"A likely scenario would be an attack by a dishonest nation or terrorist group to financial institutions or major infrastructure. Within North Korea, for example, the Lazarus Group, which is also known as Hidden Cobra, routinely looks for ways to engage banks, exploit cryptographic currencies. An attack on a bank, an investment fund, a custodian firm, a network of ATMs, the interbank messaging network is known as SWIFT or the Federal Reserve itself would have a direct impact on the financial services system.

And another possibility would be if an amateur, hacktivist, or kiddy scrip, use malicious programs to launch a cyberattack without due consideration, such an attack could have a chain reaction and cause damage beyond the original intention, because the rules, the Battle rules, and principles that are conventional wisdom in most war situations, do not exist significantly in the digital domain. "

He recalled that in 2016, a script for children caused a broad attack of denial of service that affected Twitter, Spotify, and other well-known Internet services, as fans joined together to make "mischief". Reyes Gomez says that whether the major cyber attack is deliberate or accidental, the damage could be considerable.

An example:

"The majority of ATM networks in North America could freeze. Credit cards and other payment systems could fail all over the world as happened with the Visa network in the United Kingdom in June 2018.

"Online banking could also become inaccessible: there is no cash, there are no payments, there is no reliable information about bank accounts. In addition, banks may lose the ability to make transactions between them during a critical period of uncertainty.

"There could be a general panic, even if it's temporary."

How during the Great Recession?

"It could not cause the kind of financial crisis like the one that triggered the Great Recession in the United States, in October 1929, since it is likely that the money will be returned to banks and payment providers once the systems are back in place. online. "At the same time, it is not clear how a Central Bank - the traditional firefighter of the financial crisis - could respond to this type of situation at short notice. "But, once the problem is solved and the crisis is halted, an overwhelming task of recovery is looming. And it would be even more difficult if the data were manipulated, corrupted, or made inaccessible."

How to prevent such a scenario?

"Companies must implement systems that allow them to stop the spread of a cyber attack infection and resume operations as quickly and smoothly as possible. "The financial services industry needs to be completely in agreement and prepared to practice coordinated response and recovery strategies to avoid systemic failures. "Regulators from many nations work diligently to prepare and reduce cyberattacks," he says.

"But, they must look beyond their own borders and introduce regulations, laws and cooperation frameworks in unison, such as the European Union's Information Security and Networking Directive, which is designed to protect a growing list of infrastructure criticism: from banking and health systems to online markets and cloud services. "

Israel Reyes points out that the problem of cyberspace and cybersecurity "is a challenge", and points out that the next war between countries will be cybernetic. "Russia, China, the United States, and the United Kingdom are the best. The one with the supremacy will be the colonizer. "

On the situation in which Mexico finds itself, the specialist explains that:

"Mexico has talent and very intelligent people in the field of Information Technology and must move from being a consumer to being autonomous of their information sovereignty. In the country, there is no sovereignty of information. Technological independence is a necessity, "he says.

He asserts that China did not allow Google or WhatsApp to enter and created its own platform, in defense of its information sovereignty. "Our country must promote a Cyberspace Law. In the United States, hacked institutions must inform the authorities of what happened and who the victims are. We do not have who defends us. We are behind. We need a Law for Modernization and Improvement in Cybersecurity ". And we have to face the problem. Do not turn it around "We have to create laws that do not violate freedom of expression -because it is a very fine line-; but also to set the rules for the responsible use of communication platforms, because social networks and the internet are massive communication platforms."

And in Mexico, he explains, there is no legislation that is updated in this rapid growth of technology. "President López Obrador talks about the Fourth Political Transformation, but that also has to have an adaptation to the use of new technologies in the laws." On the other hand, he says, in the European Union, the United States and China are protected. The European Union (EU) has a Law on Data Protection.

What happened in the attack on the Bank of Mexico, last year?

"Banxico responded late and did not report what had happened with the temporary interruption of the Interbank Electronic Payment System (SPEI), which was reported to have been cyber attacks since the end of April. According to official figures, the damage was 300 million pesos. "It was an unprecedented robbery of cybercriminals and they left no evidence. This is a perfect crime. "

How to prevent such attacks?

"With more awareness of how to use technologies. We are excellent users and excellent adopters of new technologies, but we have a big gap between what is the legislation that regulates them and our good ethical use of them. This is what happens with fake news with fake tips.

"An ambiguous, false information environment is being created that can harm society and governments when it is used against them, like what happened with the fake news, with the intervention of Russia in the United States, which is already public: the manipulation of past elections and the influence of society through social networks.

"We are technology adopters, users, but we do not have the level of awareness of what it means to use them. They can be weapons against society itself. And as well as the internet that we created as a society and gave us multiple economic benefits with electronic commerce, with quick access to communication and information, it is also our greatest vulnerability."

Is it a latent risk?

"Yes. And we are not prepared. We do not have laws that regulate fake news. We must understand what information is power and information is a weapon. "There is a new doctrine of war called Empowered Cyberspace for Information, Influence, Militarization, and Manipulation of Society or Countries. That's a big problem. Recall what happened in the Arab Spring. Within a week there was false, ambiguous news that completely destabilized the countries. Another case is Brexit."

And about Mexico?

"There are two very worrying things: We do not have laws that regulate this type of activities that can destabilize the Mexican economy, for example, a cyber attack of reputation damage to financial institutions: that they erased and altered all financial information to the Bank of Mexico and that the news spread through social networks. "That would automatically detonate a crisis in Mexico in a matter of hours due to the rapid replication of that information on social networks."

Would there be a major crisis?

"Exactly. Exactly. That is the big problem we have right now in cyberspace. And we do not see it as a risk. "All politicians, organizations complain about the fake news. Even President Andrés Manuel López Obrador (during the campaign) did not want to go to Puebla because he said there was a hostile environment in social networks, but we do nothing to regulate cyberspace. "And in cyberspace is where fiction becomes reality."