Main findings and highlights of the IOCTA 2025 Report
The EC3 of EUROPOL has just published the Internet Organised Crime Threat Assessment (IOCTA) 2025 Report (Europol, Steal, deal and repeat – How cybercriminals trade and exploit your data – Internet Organised Crime Threat Assessment, Publications Office of the European Union, Luxembourg, 2025).
This edition of the IOCTA takes a closer look into unauthorized access, data brokers, and data markets. The IOCTA report provides a comprehensive analysis of how cybercriminals trade and exploit illegal access to data and how they commodify these goods and services, while also examining the complex criminal ecosystem that surrounds them. Further, it highlights the main law enforcement operations supported by Europol during 2024 and 2025 (Operations Magnus, Endgame, LabHost, dismantlement of cybercrime forums Cracked and Nulled) and provides an analysis of some trending and persistent threats, major criminal actors and its modus operandi and current tendencies exploited by perpetrators to conduct cyberattacks and cybercrime against victims located in Europe.
The report puts strong emphasis on how criminals are exploiting data and continue to rely on sophisticated social engineering techniques to deceive and defraud and scam victims and highlights that the efficiency of social engineering techniques has been improved by the wider adoption of LLMs and other forms of generative artificial intelligence. In the report, there is mention to a relative new trend and tactic known as ‘Slopsquating’ that criminal use to exploit AI code assistant errors or hallucinations to inject malware into software supply chains usually hosted on public-access repositories, such as Github, and organised in libraries of reproducible, efficient code. Among some of the key findings of the report in the field of AI and crime are:
“ The emerging use of (AI) in criminal business models has added a new layer of complexity to the threat landscape. Cybercriminals may use AI for attack automation, social engineering and bypassing security measures, enabling more scalable and complex attacks. AI-driven techniques may facilitate data acquisition, while the data itself can also be weaponised in AI-enabled attacks — for instance, to generate deepfakes, synthetic media and false identities.”
“The wider adoption of Large Language Models (LLMs) and other forms of generative artificial intelligence are improving the efficacy of social engineering techniques by tailoring communication with the victims and automating criminal processes.”
The IOCTA includes three main conclusions to overcome the complex challenges of cross-border investigations, one of which is ‘the establishment of clear and harmonised EU standards for the targeted retention and/or expedited access to essential metadata, operating strictly within the boundaries defined by CJEU case law (targeting serious crimes and ensuring compliance with the principles of necessity and proportionality), to provide greater legal certainty and improve the effectiveness of cross-border investigations.’
The IOCTA report continues to be a useful reference regarding the current threat landscape of cyberattacks, and explain new ways and trends of criminals leveraging technologies to improve their tactics in the commission of cyber enable crimes, and highlights the major trends and challenges faced by European law enforcement authorities to tackle cybercrime namely related to data retention and lawful access, end to end encryption (E2EE) and cross-border jurisdictional issues.
#AI #BEC #CasS #CSAM #CSE #cyberttacks #cybercrime #cryptocurrencies #Deepfafes #DarkNet #EC3 #ELPACCTO2.0 #Europol #Eurojust #GenerativeAI #IOCTA #LLMs #MakingEuropeSafer #Phishing #RasS #Slopsquating #Strongertogether