Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Latin American bank attacks and the governance gap in financial security


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 11631
Topic starter  

TL;DR: Bank attacks in Latin America accelerated during the pandemic, with more than 91 billion attack attempts in the first half of 2021 and multiple incidents affecting online banking, ATMs, and payment systems, according to GlobalSign. The pattern shows how cloud migration, ransomware, and weak banking controls turn operational disruption into customer and reputational damage.

NHIMG editorial — based on content published by GlobalSign: a review of banking attacks in Latin America and their security impact

By the numbers:

Questions worth separating out

Q: What fails when a bank relies only on login authentication?

A: Login checks do not stop malware that lives inside the session, watches transactions, or alters activity after the user is already authenticated.

Q: When should financial institutions prioritise segmentation over broader platform consolidation?

A: They should prioritise segmentation whenever payment systems, online banking, and administrative tools share enough trust that one compromise could affect all three.

Q: What do security teams get wrong about certificates in banking environments?

A: They often treat certificates as static infrastructure rather than managed trust identities.

Practitioner guidance

  • Segment banking trust zones Separate customer-facing banking platforms, payment systems, admin environments, and endpoint management tools so a single compromise cannot spread laterally across critical services.
  • Harden transaction monitoring Correlate login, session, device, and transfer patterns so malware that operates after authentication is detected before high-value transactions complete.
  • Build certificate lifecycle ownership Assign explicit owners for SSL/TLS and S/MIME certificates, track expiry and revocation, and remove unmanaged trust assets from banking service paths.

What's in the full article

GlobalSign's full article covers the incident detail this post intentionally leaves at a governance level:

  • Named case summaries for Banco Pichincha, Banco de México, Banco Nación, and the Carioca malware campaign.
  • Localised context on how banking attacks in Latin America evolved during the pandemic and why small and mid-sized banks were exposed.
  • The article's own framing of user protection, banking website security, and digital certificate use in financial institutions.
  • A source-specific narrative of the incidents and the author's perspective on bank security in the region.

👉 Read GlobalSign's overview of banking attacks in Latin America →

Latin American bank attacks and the governance gap in financial security?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11186
 

Banking attacks are increasingly an identity and trust problem, not only a malware problem. The article shows that customer impact comes from compromised services, payment channels, and access paths, not just from the payload itself. In banking, identity controls govern who and what can touch transaction systems, so IAM, PAM, and certificate lifecycle management become resilience controls as much as access controls. Practitioners should treat banking trust paths as attack surfaces that need continuous governance.

A question worth separating out:

Q: Who is accountable when ransomware disrupts customer banking services?

A: Accountability sits with the teams that own containment, recovery, identity governance, and service resilience, not just with the SOC. Regulators and auditors will look for evidence that access paths, service identities, and recovery procedures were governed before the incident and executed quickly after it. In banking, resilience is a management obligation, not only a technical one.

👉 Read our full editorial: Latin American bank attacks expose cloud and banking security gaps



   
ReplyQuote
Share: