Story image

Cybercriminals laundering $200b in ill-gotten gains – here’s how

17 Mar 2018

A new report has landed with a number of startling findings, including the confirmation of a bustling cybercrime laundry market.

The comprehensive report from Bromium based on a nine month study found that up to US$200 billion in illegal cybercrime profits is laundered every year, making up an estimated 8-10 percent of total illegal profits laundered around the world.

“We invested in this research to instigate a meaningful conversation about how to disrupt the economic systems and poor security practices that enable cybercrime around the world; frankly because it’s far too easy for them,” says Bromium CEO Gregory Webb.

“Today it is easy for hackers to infect machines, steal data, and hold businesses and individuals for ransom or sell stolen IP because enterprise defences are not fit for purpose. It is equally easy for them to wash that money and convert it into cash – and the rise in use of unregulated, virtual currencies is making this even easier.”

Bromium’s report will certainly start many interesting conversations, with insightful findings around how cybercriminals are laundering their proceeds, including:

  • Virtual currencies have become the primary tool used by cybercriminals for money laundering
  • Cybercriminals are moving away from Bitcoin to less recognised virtual currencies, like Monero, that provide greater anonymity
  • In-game purchases and currencies are spurring a rise in gaming-related laundering; as China and South Korea become hotspots for gaming-currency laundering
  • Covert data collection found that PayPal and other digital payment systems are employed by cybercriminals to launder money
  • Digital payment systems laundering often involves the use of micro-laundering techniques where multiple, small payments are made so laundering limits aren’t triggered

Virtual currencies – Bitcoin falling out of favour with criminals?

According to Bromium, many cybercriminals are using virtual currency to make property purchases, effectively converting illegal proceeds into legitimate cash and assets.

There are websites (like Bitcoin Real Estate) with everything on offer from penthouse suites to 160 acre private islands that offer purchases using bitcoins. This option is popular as cryptocurrencies aren’t subjected to the close regulation and scrutiny that traditional cash purchases receive.

In fact, the report found that nearly 25 percent of total property sales are forecast to be made with cryptocurrency in just the next few years – a concerning statistic for financial analysts as swifter, more covert transactions (many with criminal origins) could disrupt global property markets.

However, law enforcement agencies are now paying particular attention to Bitcoin which has caused many cybercriminals to look for alternatives. According to Bromium, information on Bitcoin transactions can leak during web transactions (most often through web trackers or cookies), allowing the connection of individuals to transactions in up to 60 percent of Bitcoin payments.

Surrey University senior lecturer in criminology and researcher and report author Dr. Mike McGuire says this has led to cybercriminals utilising other more anonymous options, like Monero.

“It’s no surprise to see cybercriminals using virtual currency for money laundering. The attraction is obvious. It’s digital, so is an easily convertible way of acquiring and transferring cybercrime revenue,” says Dr. McGuire.

“Anonymity is also key, with platforms like Monero designed to be truly anonymous, and tumbler services like CoinJoin that can obscure transaction origins. Targeted organisations must do more to protect their customers.”

Considerable time spent on laundering through in-game currency and goods

Cybercriminals are increasingly converting stolen income into video game currency or in-game items like gold, which are converted into Bitcoin or other electronic formats. Bromium says games like Minecraft, FIFA, World of Warcraft, Final Fantasy, Star Wars Online and GTA 5 are the most popular options given they provide covert interactions with other players that allow trade of currency and goods.

“This trend appears to be particularly prevalent in countries like South Korea and China – with South Korean police arresting a gang transferring $38 million laundered in Korean games, back to China,” says Dr. McGuire.

“The advice on how to do this is readily available online and explains how cybercriminals can launder proceeds through both in-game currencies and goods.”

‘Secure’ digital payment systems facilitating laundering

The report estimates 10 percent of cybercriminals are using PayPal to launder money, with a further 35 percent utilising other digital payment systems like Skrill, Dwoll, Zoom, and mobile payment systems like M-Pesa.

One method that is becoming increasingly common and more difficult to detect is called ‘micro laundering’ where thousands of small electronic payments are made through platforms like PayPal. Another common technique is to use online transactions via sites like eBay to encourage the laundering.

“The growing use of digital payment systems by cybercriminals is creating significant problems for the global financial system. Revenues that previously would have flowed within proven and well-established banking systems and could be traced are now outside of its jurisdiction,” says Dr. McGuire.

“Digital payment systems are most effective when combined with other digital resources, like virtual currencies and online banking. This hides the money trail and confuses law enforcement and financial regulators.”

Dr. McGuire says now is the time for change, where law enforcement, the cybersecurity industry and both the public and private sectors need to be vigilant about disrupting cybercrime.

“We need a whole new approach to cybersecurity or these figures will continue to increase over time,” Dr. McGuire concludes.

Further findings will be released during the RSA Conference in San Francisco on April 20 where Dr. McGuire will present the full report.

GitHub launches fund to sponsor open source developers
In addition to GitHub Sponsors, GitHub is launching the GitHub Sponsors, GitHub will match all contributions up to $5,000 during a developer’s first year in GitHub Sponsors.
Check Point announces integration with Microsoft Azure
The integration of Check Point’s advanced policy enforcement capabilities with Microsoft AIP’s file classification and protection features enables enterprises to keep their business data and IP secure, irrespective of how it is shared. 
ESET researchers break down latest arsenal of the infamous Sednit group
At the end of August 2018, the Sednit group launched a spear-phishing email campaign, in which it distributed shortened URLs that delivered first-stage Zebrocy components.
Container survey shows adoption accelerating while security concerns remain top of mind
The report features insights from over 500 IT professionals.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
SEGA turns to Palo Alto Networks for cybersecurity protection
When one of the world’s largest video game pioneers wanted to strengthen its IT defences against cyber threats, it started with firewalls and real-time threat intelligence from Palo Alto Networks.
Forrester names Trend Micro Leader in email security
TrendMicro earned the highest score for technology leadership, deployment options and cloud integration.