Europol published report on the latest trends in the cybercrime landscape

On 28 April, Europol published the new edition of the Internet Organised Crime Threat Assessment (IOCTA) 2026, providing an analysis of the latest trends and developments in cybercrime affecting the EU. The report, titled "How encryption, proxies, and AI are expanding cybercrime," highlights how cyber threats are growing faster and becoming more advanced and sophisticated. It stresses the need for enhanced law enforcement capabilities and international cooperation.

The IOCTA 2026 delves into different criminal trends in cybercrime enablers, online fraud schemes, cyber-attacks and online child sexual exploitation.

Cybercrime enablers: a fragmented dark web and cryptocurrencies

The report shows that the dark web remains a critical enabler for cybercriminals, with marketplaces and forums demonstrating remarkable resilience despite ongoing law enforcement efforts.

One of the report's key findings is the increasing use of cryptocurrencies in facilitating cybercrime. Privacy coins and offshore exchange services have become integral to the laundering of ransomware payments, making it increasingly difficult for law enforcement agencies to trace illicit transactions. The report also notes the growing popularity of cryptocurrencies among minors and young adults, who may unknowingly engage in money laundering activities.

Artificial intelligence as an accelerator of online fraud

The report also explores how cybercriminals use the advanced strategies to defraud citizens throughout the EU. They rely on automation and artificial intelligence to boost the efficiency and scope of their activities. Generative AI tools are increasingly employed to tailor social engineering tactics, accelerating and concealing online fraud schemes.

Cyber-attacks increasingly focus on threat of data release

The report highlights the persistent threat of ransomware, with many active ransomware brands observed throughout 2025. The report notes the increasing interweaving of state-sponsored hybrid threats with criminal actors, who may serve as proxies for destabilisation purposes. This poses a significant threat to public institutions, big tech companies and people's private data.

Increased trade and monetisation online child sexual exploitation

The report also addresses the rise in online child sexual exploitation, with sexual extortion cases continuing to spike. The trade in child sexual abuse material (CSAM) for financial gain is increasing, and the production of synthetic CSAM is on the rise, creating additional challenges for law enforcement. E2EE messaging applications have become a prominent communication environment for CSE offenders, further complicating investigative efforts.

Beyond identifying the threats and latest trends in cybercrime landscape, the report provides valuable insights and resources for law enforcement agencies, policymakers, and industry stakeholders. It offers detailed analyses, case studies, and recommendations for strategic responses.

For more details, see the full report: IOCTA 2026