London, 26 Oct – On November 5th U.S. sanctions are set to be re-imposed on Iran. These sanctions will exert more pressure on an already struggling economy. It is likely that Iran will attempt to circumvent these sanctions through cyber-enabled money laundering — and banks will be a prime target.
To cyber-enable money laundering, hackers alter critical information or disable anti-money laundering controls using a bank’s own computer system, thereby allowing them to execute a prohibited financial transaction. The illicit purpose or sanctioned participant is disguised, so the transaction is allowed.
Iran’s weakened currency and the threat of recession make it desperate to sell oil to support its currency, finance trade, and fund terrorist groups and proxy wars overseas. The country has also demonstrated that it is capable of cyber-attacks.
In 2011, Iran caused millions of dollars in lost business when it directed cyberattacks against dozens of U.S. banks. Its hackers have recently stolen at least 31 terabytes of documents and data from U.S. academic institutions, businesses, and government agencies — a theft valued at some $3.4 billion.
In recent years, the finance industry has focused on preventing large-scale hacks like the one that diverted $81 million from Bangladesh Bank in 2016. The scale of this attack made it the subject of press coverage and cybersecurity sessions at financial conferences. But as banks and regulators invest in better technology, monitoring, and training to prevent unauthorized transfers of funds, this type of hack will soon be impossible. However, cyber-enabled money laundering isn’t on the radar in the same way, and the finance industry is largely unprepared for this kind of threat.
Altered customer data could prevent the focused scrutiny that banks apply to clients from sanctioned countries. Bypassed controls at a bank’s far-flung branches represent a particular risk. In fact, Denmark’s largest lender, Danske Bank A/S, is facing civil penalties and possible criminal charges after its Estonian branch allegedly laundered as much as $235 billion on behalf of sanctioned Russians.
Financial institutions must commit themselves to continuous monitoring of account behavior, data integrity, employees, and supply chains.
Software that establishes an internal distributed ledger system to record critical data, which could make manipulation more difficult, should be a top-priority investment. Layering a system like this with “context-aware” security features, which take into account factors such as location, historical behavior, and multi-factor authentication before allowing access or changes, can help block anomalous activity. This combination of features may allow administrators to spot hackers before their system controls have been defeated.
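The integrity check behind such a ledger, as an added example that is not part of the original article: a single hash chain whose head hash is assumed to be held independently of the database stands in for a full distributed ledger. All function names and the sample customer records are hypothetical and constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # fixed start of the chain


def entry_hash(prev_hash, record):
    # Canonical JSON so identical records always hash identically.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append(ledger, record):
    """Record a customer-data change and return the new head hash."""
    prev = ledger[-1]["hash"] if ledger else GENESIS
    ledger.append({"record": dict(record), "hash": entry_hash(prev, record)})
    return ledger[-1]["hash"]


def first_bad_entry(ledger, trusted_head):
    """None if intact; else index of the first failing entry (len(ledger) if only the head differs)."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        if entry_hash(prev, entry["record"]) != entry["hash"]:
            return i
        prev = entry["hash"]
    return None if prev == trusted_head else len(ledger)


def find_drift(live_rows, ledger):
    """Live-table fields that differ from the ledger's latest recorded value."""
    latest = {}
    for entry in ledger:  # later entries override earlier ones
        rec = entry["record"]
        latest.setdefault(rec["customer_id"], {}).update(rec["fields"])
    drift = []
    for cid, row in sorted(live_rows.items()):
        for field, recorded in sorted(latest.get(cid, {}).items()):
            if row.get(field) != recorded:
                drift.append((cid, field, recorded, row.get(field)))
    return drift


# Constructed sample data (not from the article).
LEDGER = []
append(LEDGER, {"customer_id": "C-1001", "fields": {"country": "IR", "risk": "high"}})
HEAD = append(LEDGER, {"customer_id": "C-1002", "fields": {"country": "DK", "risk": "standard"}})
# Live table after an in-place edit that never went through the ledger.
LIVE = {"C-1001": {"country": "AE", "risk": "standard"},
        "C-1002": {"country": "DK", "risk": "standard"}}
```

Running `find_drift` on a schedule flags customer fields changed outside the ledger, while `first_bad_entry` catches edits or truncation of the ledger itself.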
Hardware manipulation can also undermine even the most secure networks. Banks must audit their global supply chains to ensure the integrity of computers and network equipment. Secure cloud storage for data that can only be accessed through virtual desktops minimizes the amount of hardware that must be protected.
Still, hackers will use phishing and similar attacks to target careless users. Training, along with testing of cybersecurity awareness, is essential. Also vital is a program that monitors employees with critical access.
Banks, governments, and academia should share information, so that an attack against one institution would inform all the others. An advisory issued by the Treasury Department on October 11th that detailed Iran’s efforts to abuse the international financial system is one such example.
The threat of cyber-enabled money laundering by Iran is an opportunity for financial institutions to ramp up their cybersecurity efforts and to avoid both being targeted by new attacks and the serious penalties they face if they’re used to evade sanctions.