In a new report, SWIFT and BAE Systems reveal how cyber attackers launder money and ‘cash out’ following large-scale heists.
SWIFT and BAE Systems Applied Intelligence have published a new report describing the complex web of money mules, front companies and cryptocurrencies that criminals use to siphon funds from the financial system after a cyber-attack.
SWIFT commissioned BAE Systems to investigate this element of the money laundering process as part of its Customer Security Programme (CSP), which seeks to help the financial community to strengthen its cyber defences.
Although there has been much research into the methods that cyber criminals use to conduct attacks, there has been less investigation into what happens to funds once they have been stolen, SWIFT says. The report highlights the ingenuity of money laundering tactics to obtain liquid financial assets and avoid any subsequent tracing of the funds.
According to the report, cyber criminals often recruit unsuspecting job seekers to serve as money mules that extract funds, in addition to using insiders at financial institutions to evade or undermine the scrutiny of compliance teams carrying out KYC and due diligence checks on new account openings.
In addition, the report says, they convert stolen funds into assets such as property and jewellery that hold value and are less likely to attract the attention of law enforcement, indicating their levels of professionalism and experience. Less experienced criminals who immediately make extravagant purchases have drawn the attention of law enforcement agencies and been arrested.
According to the report, cyber criminals tend to use textile, garment, fishery and seafood businesses as front companies to obfuscate funds, typically in parts of East Asia where less stringent regulations make it easier to conduct their activities.
Cryptocurrencies are also being used by cyber criminals for money laundering, albeit to a lesser degree, but where major incidents still involve millions of dollars. Digital transactions conducted in a peer-to-peer manner circumvent compliance and KYC checks at banks, and often requiring only an e-mail address, making them appealing to cyber criminals.
“The threat posed by cyber-attacks to the financial sector has never been greater,” said SWIFT’s Head of the Customer Security Programme, Brett Lancaster. “Attackers are well-resourced, constantly evolving their modus operandi and using untraceable money laundering techniques.”
“The report highlights how the growth in cyber-attacks is increasing the need for the convergence of anti-money laundering, fraud and cybersecurity processes in financial institutions.”
The report calls for financial institutions to increase information sharing, tighten due diligence requirements and smartly invest in maintaining systems to strengthen their defences.
The full report is available here.