Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .


Looking to 2023: Defeating Money Laundering-as-a-Service and Other Emerging Threats

iStock 1353059255 - Global Banking | Finance

FTNT Michael Brown - Global Banking | FinanceBy Michael Brown, field CISO for financial services, Fortinet

U.S. financial institutions paid $1.2 billion in ransomware-related payments in 2021 – almost 200% more than the prior year, according to the U.S. Treasury Department. And while total numbers for 2022 are still being compiled, it’s likely to surpass that. Bad actors continue to slam this sector, even as it works to bolster security defenses and raise more awareness.

As we look to 2023, security leaders in these institutions must remain on high alert. Some of the big things to watch out for in the coming year include the increased use of Ransomware-as-Service (RaaS) and Crime-as-a-Service (CaaS), and the rise of Money Laundering as a Service (LaaS).

RaaS threat on the rise

Across almost every sector, ransomware has flourished in the past year – and it’s being driven largely by RaaS, which is a subscription-based ransomware system. It’s part of the CaaS industry, which involves seasoned attackers selling their expertise and tools to enable others to commit cybercrimes. The CaaS market offers a variety of attack vectors and related code, including, but not limited to, phishing kits, DDoS attacks and, of course, RaaS.

RaaS programs are distinctive in that they free attackers from having to create their own malicious code. This enables hackers, regardless of experience level, to successfully target individuals, financial firms and other entities to make a quick buck. Cybercriminals gain access to ransomware and other malware for a monthly fee, similar to the model for popular streaming media subscriptions or food delivery services.

CaaS will expand

Based on the success of RaaS, a growing number of other attack vectors will become accessible as a service through the dark web to support the considerable growth of Cybercrime-as-a-Service. There will be an increase in additional, smaller services along with the sale of Malware-as-a-Service such as ransomware.

Threat actors of all skill levels find the CaaS business model appealing because they can quickly take advantage of turnkey services without having to spend time and money developing an original attack strategy. And for experienced attackers, offering attack portfolios as a service yields a fast and reoccurring payout. In the future, subscription-based CaaS products may lead to other sources of income, too.

Criminals will also start to use cutting-edge attack methods like deepfakes, making audio and video recordings and associated algorithms more widely available for purchase.

Money Laundering-as-a-Service

To help scale their criminal enterprises, leaders and affiliate programs typically use money mules—individuals who deliberately or innocently help a crime syndicate launder money. Criminals use mules to transfer funds secretly from one nation or bank account to another; they sometimes recruit these mules via job ads. To avoid being discovered, this money-shuffling is sometimes carried out through cryptocurrency exchanges or anonymous wire transfer services.

It is standard practice to move money physically and conduct transactions through unaware mules, which helps prevent leaving a digital trail. To avoid setting off the warnings required by anti-money laundering legislation, funds are frequently divided into smaller batches and then moved through a number of channels.

Deploying recruitment campaigns for money mules is typically time-consuming because cybercriminals create websites for fictitious organizations and job listings for them. The listings are usually for money-handling roles like accounts receivable to lend credence to their businesses, successfully recruit mules, and elude law enforcement. We forecast that bad actors will begin adopting machine learning (ML) for recruitment targeting, which will improve the accuracy of their search for potential mules and speed up the process of finding these recruits. This adds new challenges for the teams ultimaltey responsible for ensuring the company is adhering to Anti-Money Laundering (AML) regulations.

In a similar vein, we anticipate the replacement of manual mule campaigns with automated services that transfer funds through multiple crypto exchanges, accelerating the process and making it harder to track.

The arrival of Money Laundering-as-a-Service is imminent; it might soon be included in the expanding CaaS portfolio. Additionally, the automation of this sort of crime makes money laundering harder to track, which lowers the likelihood of retrieving stolen monies for the organizations that become victims.

A six-step defensive strategy for FSI

1. Automate and augment: The only alternatives to the talent shortage are automation and augmentation. Giving your staff access to AI/ML tools will give your teams actionable alerts and a single point of control for managing, automating and orchestrating your network and security company-wide.

2. Understand compliance: From a business perspective, as well as from an IT and security perspective, it is crucial to be aware of the specific laws and regulations that you must address and adhere to.

3. Find the business-critical vulnerabilities and processes: Prioritizing the most important and susceptible processes requires FSIs to identify their most important business operations and assign them a risk assessment. Since a broad picture is ideal, talks throughout your entire firm are necessary. This allows you to see your organization from a risk perspective and simplifies the security language when talking to the board.

4. Upskill for cybersecurity: To help make up for the global shortage of cybersecurity talent, FSIs must upskill their workforce. No matter what their role, all personnel need cybersecurity awareness training, as well as recurring updates on the latest risks and attack techniques. Cybersecurity is the key discipline that is critical to all business endeavors.

5. Exchange knowledge: Look beyond your own organizations. CISOs must take proactive steps to learn what is occurring to the brand “in the wild.” Sharing information across organizations is essential. A DRP (digital risk protection) service should be used to improve visibility of the external digital attack surface.

6. Get on the same risk conversation page: Align with a common framework, such as NIST, to enable discussions about that service among all business units. In order for FSIs to advance their regulatory environment and automate audits, OSCAL (Open Security Controls Assessment Language) has been at the forefront of how the FSI can develop an information mechanism that tries to understand and makes data machine-readable.

Forewarned for 2023

With the difficult but critical task of watching out for all forms of financial fraud, financial services professionals need every tool and tactic at their disposal to thwart emerging attack vectors like RaaS and CaaS. The defensive strategy outlined above will help the FSI detect and defeat these forms of cybercrime.

Global Banking & Finance Review


Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!

By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post