A new report, ‘Follow the Money’, describes the complex web of money laundering, money mules, front companies and cryptocurrencies that criminals use to siphon funds from the financial system after a large-scale cyberattack.
The report, by SWIFT and BAE Systems recently, highlights the ingenuity of money laundering tactics to obtain liquid financial assets and avoid any subsequent tracing of the funds.
The activities of all cyber-criminals, whether working individually, as part of a small gang, as organised crime groups, or even for a nation state, have resulted in annual total cyber-crime revenue estimated at $1.5 trillion.
Banks remain a prime target for cyber-criminals because they are critical infrastructure that can facilitate direct access to cash/funds. The financial industry, however, is not an easy target.
Banks, law enforcement and industry bodies continue to evolve cyber defences, improve information sharing, and regularly prevent money from ultimately being stolen even when the first stage of a cyber-attack may have seemed successful.
Cross industry efforts such as SWIFT’s Customer Security Programme (CSP), which provides tools, information and a framework to help the SWIFT community secure itself, and payments screening services continue to evolve to mitigate cyber-attacks.
In addition, banks have improved response security controls such as the ability to stop or recall fraudulent payment instructions where these are identified quickly enough. However, the lure of targeting banks to get ready access to cash remains prevalent, and attackers continue to develop their techniques.
In recent years, many attacks have moved from targeting high-value payment systems to targeting ATM networks and related systems. While these may, on the face of it, seem to have a lower inherent value as any ATM inherently holds a limited amount of cash, in terms of successfully obtaining multi-million dollar sums of money across a number of attacks, this has to date proved to be a successful alternate route for attackers.
But irrespective of the cyber-attack method, the challenge all criminals face after a successful cyber-attack is getting hold of cash or other liquid financial assets that are perceived as ‘clean’, i.e. where it is not possible to tell it is from the proceeds of crime.
This is where the need for money laundering comes in. The money laundering and associated techniques described in the report are those considered relevant to large-scale cyber heists against banks’ high-value payment systems and ATM related systems, including Backoffice payment systems.
Such cyber attacks involve being able to manipulate or subvert the correct operation of high-value payment systems or management systems controlling a number of ATMs.
This paper has not specifically considered what happens to money stolen in other financial crime related attacks such as physical attacks against individual ATMs, card skimming and cloning, banking Trojans and malware, authorised push payment or business email compromise type attacks.
However, the money laundering techniques and controls described are likely to also be relevant in many of these cases.
Money Laundering Overview
In the strictest sense, money is laundered whenever a person or business deals in any way with another person or organisation’s benefits from crime. Traditionally, money laundering has been described as a process which takes place in three stages: placement, layering and integration:
- Placement – Criminally derived funds are introduced into the financial system in the case of an ATM styleattack, or, in the case of a cyber heist against a bank’s high value payment systems; placement covers the initial fraudulent movement of funds
- Layering – Illicit funds are moved through the financial system in order to disguise their origin and ownership. This is the most substantive phase of the process
- Integration – Laundered funds are re-introduced into the legitimate economy, or reinvested into the criminal enterprise
Various methods underpin how funds are typically removed from a bank during a large-scale cyber-heist, as well as the money laundering techniques that aim to conceal their subsequent movement. There can also be significant overlap between the money laundering phases in reality.
To read the full report CLICK HERE
The post Follow the money: an investigation into money laundering tactics appeared first on Payments Cards & Mobile.