In its newly released 2025 Internet Organised Crime Threat Assessment (IOCTA) , Europol has issued a chilling warning: the digital underworld is no longer just about hacking into systems—it’s about profiting from stolen data. This underground economy, fueled by compromised identities, credentials, and sensitive information, powers everything from ransomware attacks to child exploitation, forming a sprawling criminal ecosystem that transcends borders and technologies.
The report, published today, underscores how cybercriminals have shifted their focus from isolated breaches to building a robust marketplace where stolen data is not merely an end goal—but a currency.
A Hidden Economy Built on Access
At the heart of this criminal enterprise lies access—access to corporate networks, personal devices, and individual identities. The IOCTA 2025 paints a stark picture of a world where nearly every aspect of our digital lives is under siege. From phishing campaigns to AI-generated deepfakes, cybercriminals are deploying increasingly sophisticated tools to infiltrate systems and harvest valuable data.
According to Edvardas Šileris, Head of Europol’s European Cybercrime Centre (EC3), “You can’t defend what you don’t understand.” He added that the latest assessment provides critical insights into the hidden mechanisms of cybercrime, equipping law enforcement, policymakers, and private sector stakeholders with the intelligence they need to respond effectively.
Generative AI Supercharges Social Engineering
One of the most alarming trends outlined in the report is the use of generative artificial intelligence , including large language models (LLMs), to enhance social engineering attacks. Criminals are now capable of crafting highly personalized scam messages tailored to victims’ cultural contexts, languages, and even personal habits. These AI-driven tactics allow fraudsters to mimic trusted entities—from bank representatives to government officials—with unnerving accuracy.
This evolution is particularly devastating in the realm of child sexual exploitation , where offenders are leveraging AI to automate grooming processes and increase the emotional manipulation of young victims. The report warns that these tools enable predators to scale their operations, making detection and prevention more challenging than ever before.
Data as Commodity: Crime-as-a-Service Thrives
Cybercrime has become accessible to virtually anyone willing to pay. The rise of Crime-as-a-Service (CaaS) platforms means that even those without technical expertise can purchase stolen data, rent out botnets, or follow step-by-step guides to execute complex fraud schemes. Marketplaces operating on dark web forums, encrypted messaging apps, and subscription-based services offer bulk sales of login credentials, compromised corporate systems, and even remote access to hacked infrastructure.
“Data is no longer just the target—it’s a commodity,” the report states. Every breach, leak, or phishing success feeds into a cycle where data is harvested, repackaged, and resold across layers of the criminal supply chain.
Extortion, Identity Theft, and Exploitation
Beyond financial fraud, stolen data is being weaponized for extortion, identity theft, and abuse , often targeting the most vulnerable members of society. Ransomware groups continue to exploit known software vulnerabilities and manipulate human behavior through psychological pressure and fear-based tactics. One emerging technique involves mimicking common error messages and CAPTCHA boxes—a tactic dubbed “ClickFix”—to trick users into installing malware themselves.
Meanwhile, the growing reliance on end-to-end encryption (E2EE) poses a significant challenge for law enforcement. While essential for protecting user privacy, E2EE apps like WhatsApp, Signal, and Telegram are increasingly abused by criminals to coordinate illegal activity, exchange stolen data, and evade surveillance. Europol notes that encrypted communications are now a primary channel for organizing cybercrime, with investigators facing near-total opacity into these operations.
Recommendations: A Call for Coordinated Action
To combat these evolving threats, Europol calls for a coordinated response at the EU level. Key recommendations include:
- Lawful access solutions for encrypted communications that balance security and privacy concerns.
- Harmonized data retention rules across member states to ensure consistent collection and availability of digital evidence.
- Digital literacy initiatives , especially targeted at children and teenagers, to help them recognize and resist online manipulation.
The report emphasizes that while technology evolves rapidly, many of the vulnerabilities exploited by cybercriminals are long-standing. Human factors—such as poor password hygiene, unpatched software, and susceptibility to social engineering—remain central to many successful attacks.
Behind the Report: Operational Insights from the Frontlines
The IOCTA 2025 draws on thousands of investigations supported by Europol annually, particularly through its European Cybercrime Centre (EC3) and Economic and Financial Crime Centre (EFECC) . Contributions from national police forces and private sector partners provide a comprehensive view of the current threat landscape.
It builds upon the broader EU Serious and Organised Crime Threat Assessment (SOCTA) , reinforcing the message that in today’s digital age, data is power—and everyone’s data is at risk.
Final Thoughts: A Race Against Time
As cybercriminals grow more organized, technologically advanced, and profit-driven, the stakes for cybersecurity have never been higher. The IOCTA 2025 serves not only as a diagnostic tool but also as a rallying cry for unity among governments, tech companies, educators, and citizens.
In the words of Šileris: “We must move faster than the threat. Understanding it is the first step.”
And as this report makes clear, the time to act is now.
Europol’s 2025 Internet Organised Crime Threat Assessment (IOCTA), published today, reveals how stolen data fuels the digital underworld, powering a criminal ecosystem that spans from online fraud and ransomware to child exploitation and extortion. The report paints a stark picture of a cybercrime economy built on access—access to your systems, your identity, and your most sensitive information.The Head of Europol’s…
