sb-eu logo
Story image

Cybercriminals laundering $200b in ill-gotten gains – here’s how

17 Mar 2018

A new report has landed with a number of startling findings, including the confirmation of a bustling cybercrime laundry market.

The comprehensive report from Bromium based on a nine month study found that up to US$200 billion in illegal cybercrime profits is laundered every year, making up an estimated 8-10 percent of total illegal profits laundered around the world.

“We invested in this research to instigate a meaningful conversation about how to disrupt the economic systems and poor security practices that enable cybercrime around the world; frankly because it’s far too easy for them,” says Bromium CEO Gregory Webb.

“Today it is easy for hackers to infect machines, steal data, and hold businesses and individuals for ransom or sell stolen IP because enterprise defences are not fit for purpose. It is equally easy for them to wash that money and convert it into cash – and the rise in use of unregulated, virtual currencies is making this even easier.”

Bromium’s report will certainly start many interesting conversations, with insightful findings around how cybercriminals are laundering their proceeds, including:

  • Virtual currencies have become the primary tool used by cybercriminals for money laundering
  • Cybercriminals are moving away from Bitcoin to less recognised virtual currencies, like Monero, that provide greater anonymity
  • In-game purchases and currencies are spurring a rise in gaming-related laundering; as China and South Korea become hotspots for gaming-currency laundering
  • Covert data collection found that PayPal and other digital payment systems are employed by cybercriminals to launder money
  • Digital payment systems laundering often involves the use of micro-laundering techniques where multiple, small payments are made so laundering limits aren’t triggered

Virtual currencies – Bitcoin falling out of favour with criminals?

According to Bromium, many cybercriminals are using virtual currency to make property purchases, effectively converting illegal proceeds into legitimate cash and assets.

There are websites (like Bitcoin Real Estate) with everything on offer from penthouse suites to 160 acre private islands that offer purchases using bitcoins. This option is popular as cryptocurrencies aren’t subjected to the close regulation and scrutiny that traditional cash purchases receive.

In fact, the report found that nearly 25 percent of total property sales are forecast to be made with cryptocurrency in just the next few years – a concerning statistic for financial analysts as swifter, more covert transactions (many with criminal origins) could disrupt global property markets.

However, law enforcement agencies are now paying particular attention to Bitcoin which has caused many cybercriminals to look for alternatives. According to Bromium, information on Bitcoin transactions can leak during web transactions (most often through web trackers or cookies), allowing the connection of individuals to transactions in up to 60 percent of Bitcoin payments.

Surrey University senior lecturer in criminology and researcher and report author Dr. Mike McGuire says this has led to cybercriminals utilising other more anonymous options, like Monero.

“It’s no surprise to see cybercriminals using virtual currency for money laundering. The attraction is obvious. It’s digital, so is an easily convertible way of acquiring and transferring cybercrime revenue,” says Dr. McGuire.

“Anonymity is also key, with platforms like Monero designed to be truly anonymous, and tumbler services like CoinJoin that can obscure transaction origins. Targeted organisations must do more to protect their customers.”

Considerable time spent on laundering through in-game currency and goods

Cybercriminals are increasingly converting stolen income into video game currency or in-game items like gold, which are converted into Bitcoin or other electronic formats. Bromium says games like Minecraft, FIFA, World of Warcraft, Final Fantasy, Star Wars Online and GTA 5 are the most popular options given they provide covert interactions with other players that allow trade of currency and goods.

“This trend appears to be particularly prevalent in countries like South Korea and China – with South Korean police arresting a gang transferring $38 million laundered in Korean games, back to China,” says Dr. McGuire.

“The advice on how to do this is readily available online and explains how cybercriminals can launder proceeds through both in-game currencies and goods.”

‘Secure’ digital payment systems facilitating laundering

The report estimates 10 percent of cybercriminals are using PayPal to launder money, with a further 35 percent utilising other digital payment systems like Skrill, Dwoll, Zoom, and mobile payment systems like M-Pesa.

One method that is becoming increasingly common and more difficult to detect is called ‘micro laundering’ where thousands of small electronic payments are made through platforms like PayPal. Another common technique is to use online transactions via sites like eBay to encourage the laundering.

“The growing use of digital payment systems by cybercriminals is creating significant problems for the global financial system. Revenues that previously would have flowed within proven and well-established banking systems and could be traced are now outside of its jurisdiction,” says Dr. McGuire.

“Digital payment systems are most effective when combined with other digital resources, like virtual currencies and online banking. This hides the money trail and confuses law enforcement and financial regulators.”

Dr. McGuire says now is the time for change, where law enforcement, the cybersecurity industry and both the public and private sectors need to be vigilant about disrupting cybercrime.

“We need a whole new approach to cybersecurity or these figures will continue to increase over time,” Dr. McGuire concludes.

Further findings will be released during the RSA Conference in San Francisco on April 20 where Dr. McGuire will present the full report.

Story image
Gartner predicts 75% of CEOs to be liable for cyber-physical security incidents by 2024
The nature of CPSs means incidents can quickly lead to physical harm to people, destruction of property or environmental disasters – and Gartner’s new research indicates that these incidents will increase drastically in the next few years if the lack of spending on these assets continues.More
Story image
Why it’s essential to re-write IT security for the cloud era
Key components of network security architecture for the cloud era should be built from the ground up, as opposed to being bolted on to legacy solutions built for organisations functioning only on-premises or from only managed devices.More
Story image
Remote staff overestimating knowledge of cybersecurity basics
‘Unconscious incompetence’ is one of the most difficult issues to identify and solve with security awareness training.More
Story image
High-tech heist: why fending off ransomware attacks is more challenging than ever in 2020
The COVID-19 crisis has unleashed a wave of sophisticated and disruptive ransomware attacks, and the onus is on businesses to ramp up their security measures if they’re to avoid falling victim, writes Attivo Networks regional director for A/NZ Jim Cook.More
Story image
Ripple20 threat could affect 35% of all IT environments – ExtraHop
The vulnerabilities have the potential to ‘ripple’ through complex software supply chains, enabling attackers to steal data or execute code.More
Story image
Jamf extends Microsoft collaboration with iOS Device Compliance
Organisations will soon be able to use Jamf for Apple ecosystem management while using Azure Active Directory and Microsoft Endpoint manager to maintain conditional access.More