Money Laundering Attempts Nearly Triple in 2019

By Ava McKinneyOnline Safety

Money Laundering Attempts Nearly Triple in 2019

According to experts from Kaspersky Lab, every fiftieth online session in the banking and e-commerce sectors in Russia and worldwide in 2019 was conducted by cybercriminals. Most often—63% of cases—attempts to make unauthorized money transfers were carried out using malware or remote device management applications. The most commonly used among these were AnyDesk, TeamViewer, AirDroid, and AhMyth. After such software was installed, the likelihood that attackers would gain remote access to the device screen through social engineering reached 48%.

The second most common method was the use of compromised credentials, which accounted for one in three incidents (34%). In these cases, attackers pursue several goals: to commit theft, verify the authenticity of accounts for subsequent resale, or collect additional information about the owner (such as phone number, address, etc.) to expand their database with new details.

As a result of these actions, companies suffer financial losses due to increased costs for sending two-factor authentication codes via SMS, and organizational resources may become unavailable due to a large number of botnet authorization requests, which also leads to reputational risks.

Incidents related to money laundering accounted for 3% of attacks. While this figure may seem small, it is significant because the number of such attempts increased by nearly 182% compared to 2018.

Experts attribute this growth to a decrease in the number of banks, increased availability of fraud tools, and numerous data leaks, which make it easy for criminals to find large amounts of information online. For complex money laundering schemes, fraudsters use automation tools, remote administration software, proxy servers, and the Tor browser to maintain anonymity. These schemes also involve drop services, which allow control of multiple accounts through one or several connected devices. When funds are received on these accounts, the money is then transferred further or cashed out using various methods.

“Both globally and in Russia, most fraudulent operations are related to withdrawing stolen funds, tax evasion, and laundering proceeds from criminal activities. That’s why companies today need mechanisms to verify the legality of transactions,” commented Sergey Golovanov, lead antivirus expert at Kaspersky Lab.

Leave a Reply