The market for selling initial access has seen a 50% increase in prices, with criminals offering stolen credentials on dark web marketplaces and through encrypted messaging apps.

Once attackers gain access to accounts, they often launch broader attacks, stealing additional data or committing identity fraud.

To combat cybercrime effectively, the report recommends enhancing digital literacy, creating harmonized European legislation for data protection, and fostering collaboration among governments, tech companies, and civil society.

Despite law enforcement efforts like Europol's Operation Endgame and Operation LabHost to dismantle cybercriminal infrastructures, criminals adapt quickly, making these efforts challenging.

This underground economy thrives on the trade of personal data, including login credentials, credit card numbers, medical records, and social media accounts.

The Europol Internet Organised Crime Threat Assessment (IOCTA) 2025 report reveals that personal data has become a valuable currency for cybercriminals, enabling them to exploit technological vulnerabilities and human behaviors.

Stolen personal information is actively traded on dark web forums and encrypted messaging platforms, forming a structured criminal ecosystem.

Initial access brokers (IABs) are a growing segment of the cybercrime market, selling access to compromised systems to other criminals, including ransomware gangs.

Social engineering tactics, particularly phishing, have become more effective due to advancements in AI, which can generate convincing messages that mimic human writing styles.

Phishing messages created by AI language models have demonstrated a higher success rate than those crafted by humans, posing a significant threat to individuals and organizations.

Malware, particularly infostealers, remains prevalent, with programs like Lumma having infected over 394,000 Windows devices before its takedown in 2025.

Cybercriminals are increasingly utilizing AI to automate and scale their operations, employing chatbots and synthetic media to target victims across various languages.