Europol: Data theft is big business and a major threat

Contents

Compromised personal data is fueling the digital underworld and a criminal ecosystem that ranges from online fraud and ransomware to child abuse and extortion. Europol warns of this in its threat analysis of organized crime on the internet for 2025 published on Wednesday, which the investigators say paints "the grim picture of a cybercrime economy based on access – to your systems, your identity and your most sensitive information".

Data as a commodity

For a large number of criminals, compromised data is "extremely valuable", writes Europol in the Internet Organized Crime Threat Assessment (IOCTA). "They use it as a commodity in its own right, but also as a target for other purposes, including the commission of other criminal activities."

The proliferation of large-scale language models (LLMs) and other forms of generative artificial intelligence (AI) are improving the effectiveness of social engineering through personalized communication with victims and the automation of criminal processes. AI and other key technologies thus accelerated "the dark side of the digital revolution". Cybercriminals relied on them "to increase the scale and efficiency of their operations".

According to Europol, a thriving part of the criminal ecosystem revolves around the sale of access to compromised systems and accounts. "Initial access brokers" (IABs) are increasingly promoting these services and related products on specialized platforms with numerous users. Data brokers are spreading their activities across several platforms in order to better evade prosecution.

Infostealers and droppers

End-to-end encrypted messengers are also on law enforcement's radar. They are increasingly being used "to negotiate and execute sales transactions with compromised data and to pass on the personal information of victims, including children".

Online criminals who specialize in data theft and access services use a wide range of methods in their operations, explains Europol. They adapt their criminal processes to the target, which makes it difficult to create clear profiles. "They attack victims and systems en masse and try to capitalize on exposed technical and human vulnerabilities," the report states.

According to the analysis, data brokers, for example, use externally provided infostealers to collect information from their victims. Botnet-based dropper services are also used to orchestrate phishing and spam campaigns and to spread malware. Infostealer logs and data dumps could in turn be sold or processed by criminals to extract login data and other information. Individual cyber gangs have specialized in analyzing this type of digital prey and offer corresponding services.

"Lawful access" and data retention

Advanced threat actors also rely on more sophisticated techniques, the authors explain. These enable them to compromise valuable targets such as digital service providers (supply chain attacks), international corporations and government agencies. The perpetrators use zero-day exploits and carry out complex social engineering operations.

These actors generally did not make their capabilities public, but monetized their exploits through direct collaboration with ransomware groups, for example. Even common error messages and captcha fields are mimicked using "ClickFix" tactics to trick users into installing malware.

To counter these threats, Europol is calling for "coordinated political action at EU level". These include well-known instruments that have been hotly contested for years, such as "lawful access solutions" for encrypted content and harmonized rules on data retention. It is also necessary to promote digital literacy –, especially among young people –.

(wpl)