Europol IOCTA cybercrime report reveals growing use of AI models and data theft

Europol has released its analysis of the cybercrime landscape, focusing on how it has evolved over the past 12 months.

As countries, governments and companies digitally transform, the rapid adoption of new technologies is being shadowed by a commensurate evolution of criminality.

“This shift has meant that digital infrastructure and the data within it have become prime targets,” the Internet Organised Crime Threat Assessment (IOCTA), Europol’s analysis summarizes.

The 2025 IOCTA report “Steal, deal and repeat: How cybercriminals trade and exploit your data” dives deep into how cybercriminals trade and exploit illegal access to data and how these goods and services are commodified.

For example, IOCTA categorizes data criminality into three groups: data as a target, data as a means (such as fraud, ID theft), and data as a commodity. The report notes the increased use of generative AI and how cybercriminals make use of online fraud schemes to gain unauthorized access to digital assets and sensitive information.

It also observes a paradox, one that will perhaps remain a challenge.

“The digital manifestation of the concept of an ‘open society’, characterised by vast amounts of easily accessible personal data fuelled by both voluntary online sharing and pervasive commercial data brokering, presents unique paradoxes,” the report says.

“While this environment fosters connectivity, its inherent transparency also creates significant vulnerabilities.”

The growing use of AI models adds another layer of complexity, IOCTA says. For example, AI can be used to commit sophisticated crimes involving the abuse of biometric data through harvested digital photos and deepfake technology for impersonation.

AI can also be leveraged for adversarial learning to create fake digital fingerprints capable of bypassing security measures such as two factor authentication (2FA). These methods show that  criminals are actively utilizing the imperfections and capabilities of AI to innovate attack vectors and evade detection, the report claims.

Europol also reveals some of the prominent law enforcement operations it has undertaken in its IOCTA report. In 2024, Europol supported two international law enforcement operations, called Endgame and Magnus, which disrupted the malware distribution ecosystem by taking down some of the most prominent dropper and infostealer services widely used by cybercriminals.

The infostealers RedLine and META targeted millions of victims worldwide, making them one of the largest malware platforms globally, Europol said. The droppers, which were offered as-a-service, included IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot, used their network of infected computers (a botnet) to deliver malware (such as an infostealer) to victims’ systems via malspam campaigns.

Following these large-scale operations, cybercriminals have started to diversify their techniques in order to compensate for the loss of these popular malware services.

The IOCTA 2025 report can be found here.

Article Topics

AI fraud  |  digital identity  |  Europe  |  Europol  |  financial crime  |  generative AI