Europol report reveals skyrocketing threat of cybercrime and data theft

The latest Europol Internet Organised Crime Threat Assessment (IOCTA) reveals that stolen data is fuelling a vast criminal ecosystem spanning online fraud, ransomware, and child exploitation. The tools used by cybercriminals are evolving. They include phishing campaigns and deepfakes created by artificial intelligence (AI), which are employed to compromise systems and steal personal information that brokers then trade across dark web forums.

The report highlights the rise of generative AI, including Large Language Models, to enhance social engineering, creating highly tailored scams and more effective grooming attempts in child sexual exploitation. Data is now a critical commodity, with "crime-as-a-service" platforms offering stolen credentials and tutorials on fraud. This data is also weaponised for extortion and identity theft, including against children. Initial access brokers continue exploiting vulnerabilities and human behaviour, even mimicking error messages to install malware, a tactic referred to as ClickFix. The criminal abuse of end-to-end encrypted (E2EE) apps increasingly hampers investigations. To combat the threat, Europol is calling for coordinated EU policy, including lawful access for E2EE, harmonised data retention rules, and boosting digital and data skills development, particularly among young people.