News

SWIFT: New report reveals how cyber attackers �cash out� following large-scale heists

  • By illuminating final stage in
    money laundering process, BAE Systems report commissioned by SWIFT supports
    efforts by banks to prevent, detect and respond to cyber-attacks

KUALA
LUMPUR, MALAYSIA / MANILA, PHILIPPINES -�Media OutReach�-
3 September 2020 -�SWIFT and BAE Systems Applied Intelligence
today published 'Follow the Money', a new report that describes the complex web
of money mules, front companies and cryptocurrencies that criminals use to
siphon funds from the financial system after a cyber-attack.

The report highlights the ingenuity of money
laundering tactics to obtain liquid financial assets and avoid any subsequent
tracing of the funds. For instance, cyber criminals often recruit unsuspecting
job seekers to serve as money mules that extract funds by placing legitimate
sounding job advertisements, complete with references to the organisation's diversity
and inclusion commitments. They use insiders at financial institutions to evade
or undermine the scrutiny of compliance teams carrying out know-your-customer
(KYC) and due diligence
checks on new account openings. And they convert stolen funds into assets such
as property and jewellery which are likely to hold their value and less likely
to attract the attention of law enforcement.

SWIFT
commissioned BAE Systems to investigate this element of the money laundering
process as part of its Customer Security Programme (CSP). The CSP continually
helps the financial community to strengthen its cyber
defences through a range of measures including mandatory controls, intelligence
sharing and thought leadership. Although there has been much research into the methods that cyber criminals
use to conduct attacks, there has been less investigation into what happens to
funds once they have been stolen. The aim of this report is to illuminate the
techniques used by cyber criminals to 'cash out' so that SWIFT's global community
of over 11,000 financial institutions, market infrastructures and corporates can
better protect themselves.

Brett Lancaster, Head of the Customer Security Programme at SWIFT
said: "The threat posed by cyber-attacks to the financial sector has never been
greater. Attackers are well-resourced, constantly evolving their modus operandi
and using untraceable money laundering techniques. The report highlights how
the growth in cyber-attacks is increasing the need for the convergence of
anti-money laundering, fraud and cybersecurity processes in financial
institutions. It calls for them to increase information sharing, tighten due
diligence requirements and smartly invest in maintaining systems to strengthen
their defences."

Simon Viney, Cyber Security Financial Services
Sector Lead at BAE Systems Applied Intelligence said: "The activity from cyber
criminals and gangs across the world is estimated to result in over $1.5
trillion dollars in annual losses. This report focuses on money laundering related activities necessary for
cyber attackers to conduct and 'cash out' a successful attack and avoid the money
subsequently being traced. As technology and criminals'
techniques evolve at a rapid pace, so will the need for institutions, both
private sector and law enforcement, to collaborate and maintain awareness of
evolving money laundering techniques, in order to reduce the opportunities for
threat groups to benefit from committing high-value cyber heists."

Among the other findings in the report:

  • Front companies -- cyber criminals tend
    to focus on textile, garment, fishery and seafood businesses to obfuscate funds.
    They find it easier to operate in parts of East Asia where less stringent
    regulations make it easier to conduct their activities.
  • Cryptocurrencies -- while the number of
    identified cases of money laundering through cryptocurrencies is low so far,
    there have been a couple of major incidents involving millions of dollars.
    Digital transactions are appealing because they are conducted in a peer-to-peer
    manner that circumvents the compliance and KYC checks conducted by banks, and
    often require only an e-mail address
  • Experience - The method chosen by cyber
    criminals to cash out and spend the stolen funds is indicative of their levels
    of professionalism and experience. Some inexperienced criminals have immediately
    made extravagant purchases drawing the attention of law enforcement agencies
    and leading to arrests.

The Follow the Money report is available to
download now. Visit www.swift.com/resource/follow-the-money
to download your copy of the report.

About SWIFT

SWIFT is a global member owned cooperative and the world's leading
provider of secure financial messaging services. We provide our community with
a platform for messaging and standards for communicating, and we offer products
and services to facilitate access and integration, identification, analysis and
regulatory compliance.

Our messaging platform, products and services connect more than 11,000
banking and securities organisations, market infrastructures and corporate
customers in more than 200 countries and territories. While SWIFT does not hold
funds or manage accounts on behalf of customers, we enable our global community
of users to communicate securely, exchanging standardised financial messages in
a reliable way, thereby supporting global and local financial flows, as well as
trade and commerce all around the world.

As their trusted provider, we relentlessly pursue operational excellence;
we support our community in addressing cyber threats; and we continually seek
ways to lower costs, reduce risks and eliminate operational inefficiencies. Our
products and services support our community's access and integration, business
intelligence, reference data and financial crime compliance needs. SWIFT also
brings the financial community together -- at global, regional and local levels
-- to shape market practice, define standards and debate issues of mutual
interest or concern. SWIFT's strategic five year plan, SWIFT2020, challenges SWIFT to continue
investing in the security, reliability and growth of its core messaging
platform, while making additional investments in existing services and
delivering new and innovative solutions.

Headquartered in Belgium, SWIFT's international governance and oversight
reinforces the neutral, global character of its cooperative structure. SWIFT's
global office network ensures an active presence in all the major financial
centres.

About BAE Systems Applied Intelligence

At BAE Systems Applied Intelligence, we help nations, governments and businesses around the world defend
themselves against cybercrime, reduce their risk in the connected world, comply
with regulation, and transform their operations.
For more information regarding our compliance, fraud detection and
prevention solutions, visit�
https://www.baesystems.com/financialservices/

To Top