CFE and Conagua at Risk Due to Massive Hack by Prophet Spider

Written by Levi Yoris | Jul 10, 2025 8:14:16 PM

Two of Mexico's most important institutions, the Federal Electricity Commission (CFE) and the National Water Commission (Conagua), are in the sights of cybercriminal groups that could exploit technical flaws to infiltrate key systems. Although many of these vulnerabilities may seem minor or insignificant, they can have enormous consequences: from millions of pesos in losses to leaving much of the country without essential services.

A recent cybersecurity report by SILIKN revealed that a group of hackers known as Prophet Spider is using sophisticated techniques to access the servers of institutions that are part of the national critical infrastructure.

These attackers, known as initial access brokers, do not necessarily carry out the final attack. Their business consists of infiltrating first and then selling that access to other groups specializing in ransomware, who hijack the information and demand payments in cryptocurrency in exchange for releasing it.

The most worrying thing is that many of these breaches arise from simple configuration errors on official websites. This makes Mexico an attractive target for this type of threat, especially if basic cybersecurity measures are not reinforced soon.

 

How do hackers gain access to systems?

Cybercriminals are exploiting a weakness in websites built with ASP.NET, a very common technology for developing institutional pages. The problem lies in so-called “machine keys,” the cryptographic keys an ASP.NET site uses to protect the integrity and confidentiality of its data.

When these keys are leaked (due to poor configuration or carelessness), hackers can do whatever they want. Basically, they insert malicious code that allows them to execute commands directly on the servers. The most serious thing is that they do so without leaving any visible traces, which makes it difficult for security tools to detect the intrusion in time.

Every time they launch one of these attacks, they open a door to spy on systems, steal sensitive information, install spyware, or even paralyze entire services. All this without setting off any alarms, because the method they use is so technical and specific that many institutions don't even have it on their radar.

 

Mexico in the spotlight: CFE and Conagua among the main targets

The recent analysis revealed that more than 400 agencies in Mexico could be exposed to this type of failure. Among them are the CFE (Federal Electricity Commission) and Conagua (National Water Commission), two key pillars of the national infrastructure.

This is not the first time that the CFE has been in the spotlight. Since at least 2015, it has been a constant target of cyberattacks, accounting for up to 70% of threats directed at the federal government, along with Pemex. And that's despite having invested more than 400 million pesos in modernizing its systems. Even so, it remains a very attractive target for criminal groups seeking to disrupt services, cause chaos, or simply demand million-dollar ransoms.

Conagua, for its part, is not far behind. In 2023, it was the victim of a ransomware attack that managed to paralyze a large part of its systems, including the National Meteorological Service. The incident put crucial data related to water management in the country at risk, demonstrating that water infrastructure is also in the crosshairs of cybercriminals.

 

Why should we be concerned?

Because this is no longer science fiction or something that only happens “in other countries.” Attacks are happening here and now, and often without most citizens (or the institutions themselves) finding out in time.

The risk is not just that confidential documents or numbers will be leaked. We are talking about threats that can affect basic services such as electricity, water supply, or access to real-time weather information. In other words, things we use every day and that are part of the essential functioning of the country.

And worst of all, attackers do not need sophisticated tools or supercomputers. All they need to do is detect an incorrect configuration or a poorly protected password to launch an attack.

 

What can be done to prevent these attacks?

The good news is that there are ways to prevent this type of hacking, but they require swift action and specific changes. It is recommended that institutions in Mexico take proactive measures to close these open doors:

 

  1. Thoroughly review their websites, especially those developed with ASP.NET, to ensure that there are no leaked digital keys that could be exploited by attackers.

  2. Implement security signature systems, which help verify that data has not been modified and prevent manipulation from outside.

  3. Improve the monitoring of web requests, using more advanced tools that can detect unusual behavior or patterns that previously went unnoticed.

  4. Adopt modern threat detection solutions, as today's attacks are much more sophisticated. They no longer look like they used to; now they require constant surveillance and technologies that can recognize anomalous activities in real time.
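An added example (not from the original article or the SILIKN report) of the first two checks in the list above: a Python function that audits an ASP.NET web.config for hard-coded machine keys, compares them against a set of known-public key fingerprints, and flags disabled ViewState signing. The sample configs, the fingerprint set and the finding names are constructed for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed placeholder: SHA-256 fingerprints of keys known to be public
# (for example, keys copied from documentation or code samples). Not real IoCs.
KNOWN_PUBLIC_KEY_HASHES = {hashlib.sha256(b"0123456789ABCDEF" * 4).hexdigest()}

# Constructed sample configs, embedded so the audit runs offline.
RISKY_CONFIG = """<configuration><system.web>
  <machineKey validationKey="0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
              decryptionKey="FEDCBA9876543210FEDCBA9876543210"
              validation="HMACSHA256" decryption="AES" />
  <pages enableViewStateMac="false" />
</system.web></configuration>"""

SAFE_CONFIG = """<configuration><system.web>
  <machineKey validationKey="AutoGenerate,IsolateApps"
              decryptionKey="AutoGenerate,IsolateApps" />
</system.web></configuration>"""


def audit_web_config(xml_text):
    """Return sorted findings for the machineKey and pages settings."""
    findings = set()
    root = ET.fromstring(xml_text)
    for mk in root.iter("machineKey"):
        for attr in ("validationKey", "decryptionKey"):
            value = mk.get(attr, "AutoGenerate").strip()
            if value.upper().startswith("AUTOGENERATE"):
                continue  # generated per server, no key material in the file
            findings.add(f"static-{attr}")
            digest = hashlib.sha256(value.upper().encode()).hexdigest()
            if digest in KNOWN_PUBLIC_KEY_HASHES:
                findings.add(f"publicly-known-{attr}")
    for pages in root.iter("pages"):
        # On ASP.NET versions that honour it, this turns off ViewState signing.
        if pages.get("enableViewStateMac", "true").lower() == "false":
            findings.add("viewstate-mac-disabled")
    return sorted(findings)


if __name__ == "__main__":
    for name, cfg in (("risky", RISKY_CONFIG), ("safe", SAFE_CONFIG)):
        print(name, audit_web_config(cfg))
```

A static key is not a flaw by itself, since load-balanced sites need one shared key; the finding means the key must be unique to the deployment, never copied from a public source, and rotated if the file has been exposed.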

 

In short, the key is to stop viewing cybersecurity as an expense and start treating it as what it really is: an essential investment to protect information, services, and ultimately millions of people.