Research from Europol has revealed a booming black market for stolen data, with a sprawling digital underworld consisting of online fraud and ransomware, and even child exploitation and extortion.
The report – 2025 Internet Organised Crime Threat Assessment (IOCTA) – paints a stark picture of a cyber-crime economy built on access to people’s systems, identify, and sensitive information.
“You can’t defend what you don’t understand. Europol’s IOCTA 2025 report sheds light on the hidden economy of stolen data that powers today’s most dangerous cyber threat, giving law enforcement, policymakers, and industry the intelligence needed to act decisively,” the head of Europol’s European Cybercrime Centre, Edvardas Šileris said.
From phishing to phone scams, and from malware to AI-generated deepfakes, cyber-criminals use a constantly evolving toolkit to compromise systems and steal personal information. These stolen credentials and data sets are then sold, resold, and repackaged by data and access brokers operating across dark web forums, encrypted channels, and subscription-based criminal marketplace.
Social Engineering
The report highlights a rise in the use of generative AI, including Large Language Models, to supercharge social engineering attacks. Criminals now tailor scam messages to victims’ cultural context and personal details with alarming precision.
Child sexual exploitation perpetrators are also using AI to scale up grooming attempts and make coercion attempts more effective.
Data As a Commodity
Cyber-criminals no longer need technical skills to succeed. Crime-as-a-service platforms now offer everything from stolen data to step-by-step fraud tutorials. Access credentials to remote services compromised corporate networks, and even personal logins are sold in bulk.
Stolen data is also weaponised for extortion, identity theft and abuse – including against children.
Recommended reading
New Threats, Old Vulnerabilities
Initial access brokers and ransomware groups continue to exploit known system weaknesses and manipulate human behaviour.
Even popular error messages and CAPTCHA boxes are being mimicked in a tactic known as “ClickFix” to trick users into installing malware themselves.
While encryption protects users’ privacy, the criminal abuse of end-to-end encrypted apps is increasingly hampering investigations. Cyber-criminals hide behind anonymity while coordinating sales of stolen data, often with no visibility for investigators.
Recommendations
To counter these threats, the report calls for coordinated policy responses at EU level, including lawful access solutions for encryption, harmonised rules on data retention, and urgent efforts to boost digital literacy – especially among young people.
Related
Click Here For The Original Source.
