Internet Organised Crime Threat Assessment (IOCTA)

Strategic, policy and tactical updates on the fight against cybercrime
PDF

IOCTA 2018 report (PDF)
IOCTA 2018 dedicated page
All IOCTA reports

Each year, Europol’s European Cybercrime Centre (EC3) publishes the Internet Organised Crime Threat Assessment (IOCTA), its flagship strategic report on key findings and emerging threats and developments in cybercrime — threats that impact governments, businesses and citizens in the EU.

The IOCTA provides key recommendations to law enforcement, policy makers and regulators to allow them to respond to cybercrime in an effective and concerted manner.

The report focuses on the crime areas that fall under EC3’s mandate. These cybercrime priorities, which are determined by the EU Policy Cycle - EMPACT, are currently:

The most recent IOCTA also looks at an additional crime area, online criminal markets, both on the surface web and Darknet. It also addresses the convergence of cyber and terrorism.

Another typical focus of the IOCTA are cross-cutting crime enablers, factors that straddle more than one crime area but are not necessarily inherently criminal themselves. These enablers include:

  • phishing/smishing/vishing
  • business email compromise
  • bulletproof hosting
  • anonymisation tools
  • criminal abuse of cryptocurrencies
  • money muling.

Structure

While there have been variations in how each IOCTA is put together, the basic structure is fairly constant. Each of the main chapters

  • describes the key findings on a particular cybercrime area in the reporting year;
  • identifies future trends and developments;
  • makes recommendations.

In addition, the IOCTA contains a brief summary of geographic threats and cybercrime activity throughout the five continents.

Each issue draws on contributions from:

  • experts at Europol
  • EU Member States
  • law enforcement authorities both within and outside the EU
  • partners in private industry, the financial sector and academia.

SUCCESSES

The IOCTA may also include word on operational successes in the year under review. Two examples will serve as illustrations. The first is the takedown of two of the largest Darknet markets, AlphaBay and Hansa. These criminal marketplaces had facilitated the trade of over 350 000 illicit commodities including drugs, firearms and cybercrime malware. With the support of Europol, the infrastructure of this underground criminal economy was shut down.

The second is the dismantling of the Avalanche network, a delivery platform used to launch and manage mass global malware attacks and money-mule recruiting campaigns. It caused an estimated EUR 6 million in damages in concentrated cyberattacks on online banking systems in Germany alone.

Crime areas
Cybercrime
Social engineering
Child Sexual Exploitation
Forgery of money and means of payment
Payment Fraud
Economic Crime
Money Laundering
Displaying 1 - 7 of 7