Subscribe
About

How cyber criminals cash out amid more attacks in SA

Admire Moyo
By Admire Moyo, ITWeb news editor.
Johannesburg, 04 Sep 2020

A new report by the Society for Worldwide Interbank Financial Telecommunication (SWIFT) and BAE Systems Applied Intelligence has shed some light on how cyber criminals cash out their ill-gotten gains.

The report comes as cyber criminals have upped the ante in attacking high-profile South African companies one after the other.

Published yesterday, the “Follow the Money” report describes the complex web of money mules, front companies and crypto-currencies that criminals use to siphon funds from the financial system after a cyber attack.

Among the other findings in the report, it says cyber criminals are making use of front companies. It says cyber criminals tend to focus on textile, garment, fishery and seafood businesses to obfuscate funds.

According to the report, the criminals find it easier to operate in parts of East Asia where less stringent regulations make it easier to conduct their activities.

It notes that while the number of identified cases of money laundering through crypto-currencies is low so far, there have been a couple of major incidents involving millions of dollars.

Digital transactions are appealing because they are conducted in a peer-to-peer manner that circumvents the compliance and know your customer checks conducted by banks, and often require only an e-mail address

The method chosen by cyber criminals to cash out and spend the stolen funds is indicative of their levels of professionalism and experience, says the report.

Convergence of anti-money laundering

Brett Lancaster, head of the customer security programme at SWIFT, says: “The threat posed by cyber attacks to the financial sector has never been greater.

“Attackers are well-resourced, constantly evolving their modus operandi and using untraceable money-laundering techniques. The report highlights how the growth in cyber attacks is increasing the need for the convergence of anti-money-laundering, fraud and cyber security processes in financial institutions. It calls for them to increase information sharing, tighten due diligence requirements and smartly invest in maintaining systems to strengthen their defences.”

Simon Viney, cyber security financial services sector lead at BAE Systems Applied Intelligence, says: “The activity from cyber criminals and gangs across the world is estimated to result in over $1.5 trillion in annual losses.

“This report focuses on money-laundering-related activities necessary for cyber attackers to conduct and ‘cash out’ a successful attack and avoid the money subsequently being traced.”

The report comes as a number of South African organisations recently made headlines after suffering cyber attacks.

This week, construction group Stefanutti Stocks became the latest South African company to be hit by a cyber attack.

Last week, ITWeb reported that Lombard Insurance was working with the Information Regulator and South African authorities after suffering a data breach.

Before the Lombard incident, credit bureau Experian also experienced a breach of data which exposed some personal information of as many as 24 million South Africans and 793 749 business entities to a suspected fraudster.

Last month, financial services provider Momentum Metropolitan was also hit by a cyber attack.

Devastating losses

Brian Pinnock, cyber security expert at Mimecast, comments that the past couple of months should lay to rest any doubt over whether South African organisations are under sustained attack from cyber criminals.

“Over the past three months, we’ve seen well-known local healthcare and financial organisations falling victim to cyber attacks and data breaches, and in some cases being forced offline,” Pinnock says.

“The local data breaches coincided with high-profile attacks and outages for global brands like Twitter and Garmin. And in headline-grabbing news, credit bureau Experian reported a massive breach of data that exposed the personal information of up to 24 million South Africans and nearly 800 000 businesses.”

Pinnock says these incidents have brought to light a battle that has been waging quietly in the background.

“Cyber criminals – using increasingly sophisticated techniques – are targeting South African public and private sector organisations in orchestrated attacks that could lead to devastating losses in business productivity, reputational damage and revenue.”

He adds that in the Mimecast State of Email Security 2020 report, 53% of South African organisations reported increased phishing attacks and 46% reported increased incidences of impersonation fraud compared to the previous year.

“The coronavirus pandemic only served to accelerate the volume of attacks – a Mimecast Threat Intel report found a 75% increase in impersonation fraud in South Africa over the first 100 days of the pandemic.”

Pinnock notes that as South African organisations implement systems and policies to ensure compliance to the Protection of Personal Information Act, which comes into force in July 2021, “we are likely to hear about more data breaches.

“This is in part because of the legislative requirement to inform customers and regulators of any breach as soon as reasonably possible. The regulator appears to have since indicated that 72 hours is a reasonable period.”

Share