How Cybercriminals Are Operationalizing Money Laundering and What to Do About It
It's time to share threat intelligence and prioritize digital literacy and cyber hygiene to stem the rising money laundering tide.
February 6, 2023
It's almost impossible to pinpoint the amount of money that's laundered globally, but conservative estimates put it at anywhere from $800 million to $2 trillion, according to the United Nations' Office on Drug and Crimes — and that's likely just the tip of the iceberg. It's a crime that, in turn, fuels some of the world's most heinous criminal activities. It's also a tactic used by cybercriminals to help try to cover up the profits they're making from things like wide-scale ransomware attacks. The rise of cryptocurrency also has made it easier for them to evade detection.
Financial institutions, cryptocurrency companies, and other organizations face increasing fines — sometimes ranging in the millions and billions of dollars — for failure to root out money laundering as government agencies and regulators worldwide seek to crack down on this scourge.
Here's the bad news as we look toward 2023: Automation is going to make the problem worse. We will see the rise of money laundering-as-a-service. But the silver lining is there are ways to stem the tide — and collaboratively reduce bad actors' ability to do so.
The Crypto-Money Laundering Connection
A preferred tactic by cybercriminal organizations looking to grow their ranks is to use what are known as money mules. These are individuals who are brought in to help launder money — sometimes, unknowingly. They're often lured in under false pretenses and promises of legitimate jobs, only to discover that "job" is to help launder the profits from cybercrime.
Back in the day, this money shuffling was typically done through anonymous wire transfer services. While they often got away with it, such transfers are far easier for law enforcement and regulators to track. These days, most criminals have moved to using cryptocurrency. Its relative lack of regulatory oversight, coupled with often-anonymous transactions, make it almost the ideal vehicle for money laundering. In fact, a report by Chainalysis found that criminals laundered $8.6 billion in cryptocurrency in 2021. That's a 30% increase from the prior year.
The Rise of Recruitment
Setting up recruitment campaigns for money mules takes time and energy. In their efforts to obfuscate their true purpose, cybercriminals will sometimes go to great lengths to build legit-looking websites for fake organizations and post fake job listings aimed at making those businesses seem aboveboard.
However, automation and machine learning (ML) will make this process far easier — and quicker. ML can be used to better target potential recruits in a faster manner, for one thing. We also expect to see some of the manual campaigns replaced with automated services that enable bad actors to move dirty money through the layers of crypto exchanges — that's going to make the process faster and harder to trace. And that means it also will be more difficult to recover stolen funds.
Collectively, these efforts comprise what we're calling money-laundering-as-a-service (MLaaS), and it's going to become another tool in the cybercrime tool chest.
Cutting 'Em Off at Their Knees
While cybercriminals are going to look for any methodology possible to make money laundering easier, that doesn't mean we have to accept this as a foregone conclusion.
The biggest factor in combating the rise of MLaaS is going to involve public-private collaboration on a much larger scale. Organizations across the map can share threat intelligence with one another, contributing to building a better defense all around.
It must be reiterated that cyber hygiene and education must be prioritized as well. No matter the type of organization you're in or the role you're in, this is essential for everyone. Everyone can play a key role in helping keep organizations safe from bad actors. This includes things like more digital literacy — and how to recognize a too-good-to-be-true job ad for the scam it really is. And of course, there's the concept of fighting fire with fire — as bad actors adopt more automation and ML-based approaches, so, too, must defenders.
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024