SWIFT: New report reveals how cyber attackers ‘cash out’ following large-scale heists

September 03, 2020 - 08:29

  • By illuminating final stage in money laundering process, BAE Systems report commissioned by SWIFT supports efforts by banks to prevent, detect and respond to cyber-attacks

KUALA LUMPUR, MALAYSIA / MANILA, PHILIPPINES - Media OutReach - 3 September 2020 - SWIFT and BAE Systems Applied Intelligence today published 'Follow the Money', a new report that describes the complex web of money mules, front companies and cryptocurrencies that criminals use to siphon funds from the financial system after a cyber-attack.

The report highlights the ingenuity of money laundering tactics to obtain liquid financial assets and avoid any subsequent tracing of the funds. For instance, cyber criminals often recruit unsuspecting job seekers to serve as money mules that extract funds by placing legitimate-sounding job advertisements, complete with references to the organisation's diversity and inclusion commitments. They use insiders at financial institutions to evade or undermine the scrutiny of compliance teams carrying out know-your-customer (KYC) and due diligence checks on new account openings. And they convert stolen funds into assets such as property and jewellery which are likely to hold their value and less likely to attract the attention of law enforcement.

SWIFT commissioned BAE Systems to investigate this element of the money laundering process as part of its Customer Security Programme (CSP). The CSP continually helps the financial community to strengthen its cyber defences through a range of measures including mandatory controls, intelligence sharing and thought leadership. Although there has been much research into the methods that cyber criminals use to conduct attacks, there has been less investigation into what happens to funds once they have been stolen. The aim of this report is to illuminate the techniques used by cyber criminals to 'cash out' so that SWIFT's global community of over 11,000 financial institutions, market infrastructures and corporates can better protect themselves.

Brett Lancaster, Head of the Customer Security Programme at SWIFT said: "The threat posed by cyber-attacks to the financial sector has never been greater. Attackers are well-resourced, constantly evolving their modus operandi and using untraceable money laundering techniques. The report highlights how the growth in cyber-attacks is increasing the need for the convergence of anti-money laundering, fraud and cybersecurity processes in financial institutions. It calls for them to increase information sharing, tighten due diligence requirements and smartly invest in maintaining systems to strengthen their defences."

Simon Viney, Cyber Security Financial Services Sector Lead at BAE Systems Applied Intelligence said: "The activity from cyber criminals and gangs across the world is estimated to result in over $1.5 trillion dollars in annual losses. This report focuses on money laundering related activities necessary for cyber attackers to conduct and 'cash out' a successful attack and avoid the money subsequently being traced. As technology and criminals' techniques evolve at a rapid pace, so will the need for institutions, both private sector and law enforcement, to collaborate and maintain awareness of evolving money laundering techniques, in order to reduce the opportunities for threat groups to benefit from committing high-value cyber heists."

Among the other findings in the report:

  • Front companies -- cyber criminals tend to focus on textile, garment, fishery and seafood businesses to obfuscate funds. They find it easier to operate in parts of East Asia where less stringent regulations make it easier to conduct their activities.
  • Cryptocurrencies -- while the number of identified cases of money laundering through cryptocurrencies is low so far, there have been a couple of major incidents involving millions of dollars. Digital transactions are appealing because they are conducted in a peer-to-peer manner that circumvents the compliance and KYC checks conducted by banks, and often require only an e-mail address.
  • Experience -- the method chosen by cyber criminals to cash out and spend the stolen funds is indicative of their levels of professionalism and experience. Some inexperienced criminals have immediately made extravagant purchases drawing the attention of law enforcement agencies and leading to arrests.

The Follow the Money report is available to download now. Visit www.swift.com/resource/follow-the-money to download your copy of the report.


SWIFT is a global member-owned cooperative and the world's leading provider of secure financial messaging services. We provide our community with a platform for messaging and standards for communicating, and we offer products and services to facilitate access and integration, identification, analysis and regulatory compliance.

Our messaging platform, products and services connect more than 11,000 banking and securities organisations, market infrastructures and corporate customers in more than 200 countries and territories. While SWIFT does not hold funds or manage accounts on behalf of customers, we enable our global community of users to communicate securely, exchanging standardised financial messages in a reliable way, thereby supporting global and local financial flows, as well as trade and commerce all around the world.

As their trusted provider, we relentlessly pursue operational excellence; we support our community in addressing cyber threats; and we continually seek ways to lower costs, reduce risks and eliminate operational inefficiencies. Our products and services support our community's access and integration, business intelligence, reference data and financial crime compliance needs. SWIFT also brings the financial community together -- at global, regional and local levels -- to shape market practice, define standards and debate issues of mutual interest or concern. SWIFT's strategic five-year plan, SWIFT2020, challenges SWIFT to continue investing in the security, reliability and growth of its core messaging platform, while making additional investments in existing services and delivering new and innovative solutions.

Headquartered in Belgium, SWIFT's international governance and oversight reinforces the neutral, global character of its cooperative structure. SWIFT's global office network ensures an active presence in all the major financial centres.

About BAE Systems Applied Intelligence

At BAE Systems Applied Intelligence, we help nations, governments and businesses around the world defend themselves against cybercrime, reduce their risk in the connected world, comply with regulation, and transform their operations. For more information regarding our compliance, fraud detection and prevention solutions, visit https://www.baesystems.com/financialservices/