How Cybercriminals Are Operationalizing Money Laundering and What to Do About It

It's time to share threat intelligence and prioritize digital literacy and cyber hygiene to stem the rising money laundering tide.

Derek Manky, Chief Security Strategist & VP Global Threat Intelligence, FortiGuard Labs

February 6, 2023

4 Min Read
concept photo of money in a drying machine
Source: ronstik via Alamy Stock Photo

It's almost impossible to pinpoint the amount of money that's laundered globally, but conservative estimates put it at anywhere from $800 million to $2 trillion, according to the United Nations' Office on Drug and Crimes — and that's likely just the tip of the iceberg. It's a crime that, in turn, fuels some of the world's most heinous criminal activities. It's also a tactic used by cybercriminals to help try to cover up the profits they're making from things like wide-scale ransomware attacks. The rise of cryptocurrency also has made it easier for them to evade detection.

Financial institutions, cryptocurrency companies, and other organizations face increasing fines — sometimes ranging in the millions and billions of dollars — for failure to root out money laundering as government agencies and regulators worldwide seek to crack down on this scourge.

Here's the bad news as we look toward 2023: Automation is going to make the problem worse. We will see the rise of money laundering-as-a-service. But the silver lining is there are ways to stem the tide — and collaboratively reduce bad actors' ability to do so.

The Crypto-Money Laundering Connection

A preferred tactic by cybercriminal organizations looking to grow their ranks is to use what are known as money mules. These are individuals who are brought in to help launder money — sometimes, unknowingly. They're often lured in under false pretenses and promises of legitimate jobs, only to discover that "job" is to help launder the profits from cybercrime.

Back in the day, this money shuffling was typically done through anonymous wire transfer services. While they often got away with it, such transfers are far easier for law enforcement and regulators to track. These days, most criminals have moved to using cryptocurrency. Its relative lack of regulatory oversight, coupled with often-anonymous transactions, make it almost the ideal vehicle for money laundering. In fact, a report by Chainalysis found that criminals laundered $8.6 billion in cryptocurrency in 2021. That's a 30% increase from the prior year.

The Rise of Recruitment

Setting up recruitment campaigns for money mules takes time and energy. In their efforts to obfuscate their true purpose, cybercriminals will sometimes go to great lengths to build legit-looking websites for fake organizations and post fake job listings aimed at making those businesses seem aboveboard.

However, automation and machine learning (ML) will make this process far easier — and quicker. ML can be used to better target potential recruits in a faster manner, for one thing. We also expect to see some of the manual campaigns replaced with automated services that enable bad actors to move dirty money through the layers of crypto exchanges — that's going to make the process faster and harder to trace. And that means it also will be more difficult to recover stolen funds.

Collectively, these efforts comprise what we're calling money-laundering-as-a-service (MLaaS), and it's going to become another tool in the cybercrime tool chest.

Cutting 'Em Off at Their Knees

While cybercriminals are going to look for any methodology possible to make money laundering easier, that doesn't mean we have to accept this as a foregone conclusion.

The biggest factor in combating the rise of MLaaS is going to involve public-private collaboration on a much larger scale. Organizations across the map can share threat intelligence with one another, contributing to building a better defense all around.

It must be reiterated that cyber hygiene and education must be prioritized as well. No matter the type of organization you're in or the role you're in, this is essential for everyone. Everyone can play a key role in helping keep organizations safe from bad actors. This includes things like more digital literacy — and how to recognize a too-good-to-be-true job ad for the scam it really is. And of course, there's the concept of fighting fire with fire — as bad actors adopt more automation and ML-based approaches, so, too, must defenders.

About the Author

Derek Manky

Chief Security Strategist & VP Global Threat Intelligence, FortiGuard Labs

As Chief Security Strategist & VP Global Threat Intelligence at FortiGuard Labs, Derek Manky formulates security strategy with more than 15 years of cybersecurity experience. His ultimate goal is to make a positive impact toward the global war on cybercrime. Manky provides thought leadership to the industry, and has presented research and strategy worldwide at premier security conferences. As a cybersecurity expert, his work has included meetings with leading political figures and key policy stakeholders, including law enforcement, who help define the future of cybersecurity. He is actively involved with several global threat intelligence initiatives, including NATO NICP, Interpol Expert Working Group, the Cyber Threat Alliance (CTA) working committee, and FIRST, all in an effort to shape the future of actionable threat intelligence and proactive security strategy.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights