Preventing Crime-as-a-Service with Cutting-Edge Tools and Intelligence

Call ID

HORIZON-CL3-2023-FCT-01

Duration

01.09.2024 – 31.08.2027

Total Budget
0 M€
Partners
0
Countries
0
Use Cases
0

The Vision

Crime-as-a-Service (Caas)

CaaS represents a worrying evolution in the cyber threat landscape, transforming criminal activities into organised and commercialised enterprises. Similar to legitimate Software-as-a-Service (SaaS) platforms, CaaS offers on-demand illicit services such as malware rentals and fraud platforms. This shift lowers barriers to entry for cybercriminals, enabling individuals without technical skills to engage in activities like identity theft and payment card fraud through digital means. The consequence is a significant amplification of criminal operations’ scale and impact.

Our Aim

SafeHorizon aims to tackle the emerging threat of Crime-as-a-Service (CaaS) by harnessing intelligence from various sources including the clear web, deep web, dark web, public dumps, and law enforcement datasets. By integrating these data streams with machine learning technologies, the project seeks to extract actionable evidence for legal use.

Use Cases

Monitoring transnational crime networks

Monitoring activities of actors in crime networks including ongoing malicious campaigns that may span across different jurisdictions and developing a set of dedicated crawlers which will provide insight and visibility of real-time activity of malicious online activity.

Criminal marketplace analysis

In order to assess the efficacy of the crawlers and the correlation engine, this use case is dedicated to the analysis of criminal marketplaces, and includes testing of the usefulness of SafeHorizon tools to identify crime networks and investigate their members.

Child sexual abuse and trafficking

This use case presents a comprehensive overview of the distribution channels and of the release dates of child sexual abuse material (CSAM).

Malware-as-a-Service

Malware-as-a-Service (MaaS) is a business model under which cybercriminals provide access to malicious software and related infrastructure for a fee, and in this use case we monitor and analyse ongoing malicious campaigns that may target organisations or individuals.

Partners

Coordinated by the Athena Research Center, SafeHorizon is a multidisciplinary research and development initiative spearheaded by an international consortium comprising 13 partners from 11 countries. Carefully selected consortium is gathering outstanding R&D centers and universities, businesses and Law enforcement agencies (LEAs) to ensure the perspective of developers, cybersecurity practitioners, researchers, and machine learning experts focusing on technical areas between security and development. Committed to contributing to cybercrime prevention improvement, the Consortium will ensure provision of a comprehensive toolbox of underdevelopment and enhanced open-source solutions for combating cybercrime designed to be user-friendly and easily adaptable.

Latest News

  • 22 January 2026|Blog|1.3 min|

    Join the GroundUp Hackathons: create innovations for Real-World CBRNE Challenges

    Malware - short for malicious software - remains one of the most pervasive threats in cyberspace, encompassing various types of malicious code designed to disrupt, damage, or gain unauthorised access to computer systems.

  • 22 December 2025|Blog|1.9 min|

    RansomHouse: The Rising Sophistication of Ransomware Toolkits

    RansomHouse RaaS now uses multi-layered encryption and double extortion, hitting critical sectors and showing the need for proactive, adaptive cyber defense.

  • 15 December 2025|Blog|4.9 min|

    CTI good practices with hyperlinks

    Working with CTI means handling risky data safely, use defanging, secure channels, encryption (PGP/E2EE), OPSEC, proper file handling and sandboxing.

  • 11 December 2025|Blog|1.8 min|

    Malware-as-a-Service (MaaS): a new business model

    MaaS turns cybercrime into a paid service, letting even low-skill actors launch sophisticated attacks at scale, driving over half of recent malware threats worldwide.

  • 5 December 2025|Blog|6 min|

    In the labyrinth of cybercrime money laundering

    The laundering of money from cybercrime involves a complex network of transfers, and investigators tracking these funds navigate a maze of cryptocurrency transactions and conversions.

  • 5 December 2025|Blog|5.8 min|

    Online data thieves: how the cybercrime bazaar works

    Cybercrime has evolved into a complex business ecosystem, where malicious tools and stolen data are sold like services. The lone hacker myth is gone, CaaS now fuels today’s digital crime.

  • 27 November 2025|Blog|1.8 min|

    The Role of Blockchain Analytics in the Fight Against Crime-as-a-Service

    Blockchain poses challenges for law enforcement, offering both anonymity for criminals and full transparency through permanent transaction records. With blockchain analytics, investigators can trace fund flows, link related wallets, and track movements across chains, revealing criminal networks and identifying touchpoints with the traditional financial system.

  • 22 November 2025|Blog|1.7 min|

    How Ransomware Actors Leverage Cryptocurrency: A Real-World Use Case

    Ransomware is among today’s most disruptive cyber threats, with cryptocurrency payments enabling attackers to operate globally, quickly, and with relative anonymity.

  • 22 November 2025|Blog|2.5 min|

    The Evolving Phishing Threat: Why Traditional MFA is Failing

    Phishing kits like Tycoon 2FA bypass traditional MFA at scale, exposing a shift toward Phishing-as-a-Service and the need for stronger authentication.

  • 22 November 2025|Blog|2.2 min|

    The Innovation Gap: How Cybercriminals Exploit Emerging Tech Before Law Enforcement Can Respond

    Cybercriminals adopt new tech faster than regulators. Closing the gap means investing in expertise, AI, and global public–private collaboration.

Events

  • 27 October 2025|Events|0.6 min|

    Joint Stakeholder Workshop – PRESERVE, SafeHorizon, ENSEMBLE, and LEA Projects Cluster

    We invite you to a joint stakeholder workshop organised by PRESERVE, SafeHorizon, and ENSEMBLE, together with the LEA Projects Cluster, led by Privanova.

  • 28 April 2025|Events|1 min|

    IMTrustSec: International Workshop on Incident Management, Trusted Computing, Open Hardware, and Advanced Security Attacks

    GICP - Cybersecurity and Privacy Protection Research Group is organising IMTrustSec 2025 – The International Workshop on Incident Management, Trusted Computing, Open Hardware, and Advanced Security Attacks, in collaboration with Diana Berbecaru.

  • 28 April 2025|Events|0.4 min|

    Workshop on Cryptographic Tools for Blockchain

    Join us in Madrid for the Workshop on Cryptographic Tools for Blockchain, affiliated with Eurocrypt 2025! Organised by top experts, including David Arroyo (CSIC/GICP, SafeHorizon Project partner), this one-day event will explore cutting-edge cryptographic innovations for DLT ecosystems.

  • Cepol 2025 Rome
    10 March 2025|Events|0.8 min|

    Research and Science Conference 2024/2025 (CEPOL)

    The Vicomtech team will participate in the European Union Agency for Law Enforcement Training (CEPOL) Research and Science Conference 2024/2025 in Rome (25–27 March 2025).

  • 11 December 2024|Events|0.7 min|

    SafeHorizon and Tampere University host Hands-On Workshop #1: The Dark Web

    The SafeHorizon Project EU and Tampere University are hosting an online hands-on workshop on Dec 17th 2024.