Activities by cyber attackers and gangs across the world are estimated to result in more than US$1.5 trillion dollars in annual losses, said SWIFT and BAE Systems Applied Intelligence which recently released together a report titled Follow the Money.
Behind cybercrime is a complex web of money mules, front companies and cryptocurrencies that criminals use to siphon funds from the financial system after a cyber attack, Brett Lancaster, Head of the Customer Security Programme at SWIFT pointed out.
While there’s been much research into the methods that cyber criminals use to conduct attacks, there has been less investigation into what happens to funds once they have been stolen, Lancaster said
According to the report, cyber criminals often recruit unsuspecting job seekers to serve as money mules that extract funds by placing legitimate sounding job advertisements, complete with references to the organisation’s diversity and inclusion commitments.
They use insiders at financial institutions to evade or undermine the scrutiny of compliance teams carrying out know-your-customer (KYC) and due diligence checks on new account openings, SWIFT said.
And then they convert stolen funds into assets such as property and jewellery which are likely to hold their value and less likely to attract the attention of law enforcement, the company added.
The aim of this report is to illuminate the techniques used by cyber criminals to ‘cash out’ so that SWIFT’s global community of more than 11,000 financial institutions, market infrastructures and corporates can better protect themselves, said Lancaster.
Key findings of the report
Front companies. Cyber criminals tend to focus on textile, garment, fishery and seafood businesses to obfuscate funds. They find it easier to operate in parts of East Asia where less stringent regulations make it easier to conduct their activities.
Cryptocurrencies. While the number of identified cases of money laundering through cryptocurrencies is low so far, there have been a couple of major incidents involving millions of dollars. Digital transactions are appealing because they are conducted in a peer-to-peer manner that circumvents the compliance and KYC checks conducted by banks, and often require only an e-mail address
Experience. The method chosen by cyber criminals to cash out and spend the stolen funds is indicative of their levels of professionalism and experience. Some inexperienced criminals have immediately made extravagant purchases drawing the attention of law enforcement agencies and leading to arrests.