Sophistication off the Charts When Cybercriminals Cash Out

Photo credit: iStockphoto/Sinenkiy

What happens to the ransomware and stolen funds after a cyberattack?

It is a question that a new report by SWIFT and BAE Systems Applied Intelligence,  titled “Follow the Money,” investigated. The findings from over 11,000 financial institutions showed that cybercriminal activity is now a sophisticated affair.

Liquidating ill-gotten funds from cybersecurity attacks is both science and art. With 24/7 near-instant detection, coordinated industry surveillance, and AI-driven AML tracing increasing scrutiny, cybersecurity criminals are exploring new tactics to evade. And they are often using non-technology means to circumvent the technology.

One is the practice of recruiting money mules. Cybercriminals prey on legitimate job seekers to extract funds. It involves job advertisements that even come with references to diversity, equity, and inclusion commitments.

They are also redoubling their efforts to target insiders within financial institutions to undermine compliance scrutiny on know-your-customer (KYC) and due diligence checks. The stolen money is often converted into property and jewelry to hold the value and evade law enforcement attention at the same time, with experienced cybercriminals often using smaller conversions to avoid detection.

Front companies are becoming a standard instrument for laundering cash. The report noted that these are often textile, garment, fishery, and seafood businesses, as cybercriminals feel they are easier to obscure fund sources. Less stringent regulations for these businesses also make them a cybercriminal favorite.

Surprisingly, the number of cases of using cryptocurrencies for money laundering remains small. However, incidents do involve more considerable sums of money. The report noted that digital transactions continue to appeal to cybercriminals because they are conducted in a peer-to-peer manner that circumvents the compliance and KYC checks undertaken by banks, and often require only an e-mail address.

To combat the increase in sophistication in money laundering, SWIFT and BAE Systems Applied Intelligence called for better collaboration among all stakeholders.

“The report highlights how the growth in cyber-attacks is increasing the need for the convergence of anti-money laundering, fraud, and cybersecurity processes in financial institutions. It calls for them to increase information sharing, tighten due diligence requirements and smartly invest in maintaining systems to strengthen their defenses,” said Brett Lancaster, head of the customer security programme at SWIFT.

“As technology and criminals’ techniques evolve at a rapid pace, so will the need for institutions, both private sector, and law enforcement, to collaborate and maintain awareness of evolving money laundering techniques, in order to reduce the opportunities for threat groups to benefit from committing high-value cyber heists,” added Simon Viney, cyber security financial services sector lead at BAE Systems Applied Intelligence.

Photo credit: iStockphoto/Sinenkiy