Europol has warned that a surge in demand for data on the cybercrime underground is fuelling an underground economy built on fraud, ransomware, child exploitation and extortion.
Published yesterday, its 2025 Internet Organised Crime Assessment report is based on intelligence gathered from the policing group’s own investigations, the EU Serious and Organised Crime Threat Assessment 2025, and Europol experts and advisory groups.
It argued that as digitally stored data has exploded in volume, it has become the “central commodity” of cybercrime, imperilled by “insufficient digital literacy” on the part of consumers and businesses, and the complexity of IT infrastructure.
The report claimed that data – in the form of access credentials and personally identifiable information (PII) – is a target, a means and a commodity for cybercriminals.
It’s used for extortion, fraud, unauthorized system access, business email compromise (BEC), espionage and even to target victims in child sexual exploitation (CSE), said Europol.
Read more on data breaches: US Data Breach Victim Count Surges 26% Annually
Frequently, data breaches create a “vicious cycle” where data (credentials) provides access to accounts, which enable breaches or account takeovers, leading to the compromise of even more data and credentials.
“Information is stolen and converted into a commodity to be further exploited by other criminal actors in their operations,” the report noted.
“It is then marketed on various criminal platforms, including specialised marketplaces, underground forums, and dedicated channels within end-to-end encrypted (E2EE) communication apps.”
Most commonly, data is acquired via the usual channels: social engineering, infostealers, vishing and vulnerability exploitation, said Europol.
Initial access brokers (IABs) use these means to enable access to the data, while data brokers facilitate its sale.
A service-oriented underground economy makes the whole thing run like clockwork.
“Consequently, demand for data is skyrocketing and its illicit trade is expected to become even more widespread in underground economies, contributing to the destabilization of legitimate economies and the erosion of trust in governance structures,” Europol warned.
Europol Renews Calls for E2EE Backdoors
The policing body outlined three policy considerations to help improve the situation:
- Establishing “lawful access by design” to end-to-end encrypted (E2EE) comms – something experts have argued time and again is impossible without undermining security and privacy for all
- “Clear and harmonised” EU standards for targeted retention and/or rapid access to essential metadata, to improve the effectiveness of cross-border investigations
- Promotion of “broad digital literacy, critical verification skills and responsible online sharing practices” with an emphasis on parents and young people
Curiously, there were no calls from Europol to improve corporate security, despite the growing number of enterprise data breaches. The victim count for breaches at US firms rose to a staggering 1.7 billion last year, according to the Identity Theft Resource Center.
Click Here For The Original Source.
