SWIFT and BAE Systems recently published ?Follow the Money?, a new report that describes the complex web of money mules, front companies and cryptocurrencies that criminals use to siphon funds from the financial system after a large-scale cyberattack.

The report highlights the ingenuity of money laundering tactics to obtain liquid financial assets and avoid any subsequent tracing of the funds.

For instance, cyber criminals often recruit unsuspecting job seekers to serve as money mules that extract funds by placing legitimate sounding job advertisements, complete with references to the organisation's diversity and inclusion commitments. They use insiders at financial institutions to evade or undermine the scrutiny of compliance teams carrying out know-your-customer (KYC) and due diligence checks on new account openings. The fraudsters then convert stolen funds into assets such as property and jewellery which are likely to hold their value and less likely to attract the attention of law enforcement.

SWIFT commissioned BAE to investigate this element of the money laundering process as part of its Customer Security Programme (CSP). The CSP continually helps the financial community to strengthen its cyber defences through a range of measures including intelligence sharing and thought leadership. Although there has been much research into the methods that cybercriminals use to conduct attacks, there has been less investigation into what happens to funds once they have been stolen.
Some of the other findings in the report include:

• Front companies - cyber criminals tend to focus on high-end luxury goods markets, such as the gold market and the diamond and jewels industries, as well as more generic cash intensive businesses like betting shops, casinos, or other services to obfuscate funds. They find it easier to operate in parts of east Asia where fewer and less stringent regulations make it easier to conduct illicit activities.
• Cryptocurrencies ? while the number of identified cases of money laundering through cryptocurrencies is low, there have been a couple of major incidents involving millions of dollars. Digital transactions are appealing because they are conducted in a peer-to-peer manner that circumvents the compliance and KYC checks conducted by banks, and often require only an e-mail address.
• Experience - The method chosen by cyber criminals to cash out and spend the stolen funds is indicative of their levels of professionalism and experience. Some inexperienced criminals have immediately made extravagant purchases drawing the attention of law enforcement agencies and leading to arrests.

The report illuminates the techniques used by cyber criminals to ?cash out? so that SWIFT's global community of over 11,000 financial institutions, market infrastructures and corporates can better protect themselves. It also stresses the need for financial institutions and law enforcement to collaborate even more and to increase information sharing in order to reduce the opportunities for threat groups to commit high-value cyber heists.

It's worth remembering that the ?organised criminal? relies on sophisticated business models that show preparatory work in advance of the attack to facilitate the ?cashing out?. The recruitment and establishment of money mules is a significant part of this and should not be considered as a more ?benign? part of the Organised Crime Network activity.

To find out more please join a webinar on 17 November (2pm UK time) moderated by Karen Baxter, Managing Director, Intelligence Strategy for Economic Crime at UK Finance, Brett Lancaster, MD, Global Head of Customer Security, CSP Programme Director at SWIFT and Simon Viney, Cyber Security Financial Services Sector Lead at BAE Systems.

To register click here: https://event.on24.com/wcc/r/2818595/4AE96469590E7ACD4A3DC776F82381BA