The hot topics from Europe’s largest trade fair for IT security

IT-SA Expo & Congress claims to be Europe’s largest trade fair for IT security. And it really covers a wide range of security and security-related products and services. The event takes place in Nuremberg, Germany and provides an opportunity for vendors to show themselves to the public, create new contacts and leads, and check out what the competition is up to.

As one of the Malwarebytes representatives, I had the opportunity to walk around, talk to people, and listen to some of the talks given by representatives from throughout the industry.

All in all, I observed a lot of talks, and of the ones I heard that weren’t about promoting a product, most of them roughly fell into 3 categories: Ransomware, AI/ChatGPT, and NIS2.


Ransomware is still considered the most alarming cybersecurity threat to businesses, which isn’t surprising given that Germany is regularly in the top five most targeted countries in our monthly ransomware reviews, which often makes it the first country on the list where English is not the primary language. As one of Europe’s leading economies there is some serious money to be made by the cybercriminals.

The focus in ransomware developments is the shift in attention to the earlier stages of the attacks. By the time files are being encrypted, attackers have probably already been in situ for a while, moving laterally through the victim’s network and stealing their data. Some ransomware gangs even stop here and don’t proceed to encryption anymore. Encryption routines are easy to detect and stop, but spotting the suspicious behavior the precedes it turns out to be much harder.

AI and ChatGPT

AI, and ChatGPT in particular, are very much at the forefront of everyone’s attention. Mostly because we are curious, maybe even a bit anxious, to see what the future will bring.

As distinguished researcher Mikko Hyppönen explained, it’s not the tool we should be worried about, but the intentions of its users. Yes, artificial intelligence can find zero-days. Is that great because we can use to find vulnerabilities that need patching, or is it awful, because it will allow the cybercriminals to find vulnerabilities and exploit them?

And another researcher told us that after the introduction of ChatGPT and its peers, they noticed a 27% increase in the linguistic complexity of phishing emails. The times where we could spot the phisher by looking at the number of typo’s might be behind us. LLM’s allow phishers to create long, error-free emails that first gain the trust of the target and then get them to open an attachment or click a link.


The NIS2 Directive is EU-wide legislation on cybersecurity. Its purpose is to heighten the security levels for critical infrastructure in the European Union.

Businesses identified by the member states as operators of essential services in sectors such as energy, transport, water, banking, financial market infrastructures, healthcare, and digital infrastructure, will have to take appropriate security measures and notify relevant national authorities of serious incidents. Key digital service providers, such as search engines, cloud computing services, and online marketplaces, will have to comply with the security and notification requirements under the directive.

NIS2 has to be turned into laws by EU member states, which means it can be incorporated differently in every member state to functionally harmonize with local legislation. In Germany the third draft bill was presented in September 2023. So, while it’s slowly shaping up there is nothing definite about what will be included in the final draft.

A few things have been in all three drafts and seem likely to survive the cut. As a result, there was a lot of speculation, but nobody exactly knows what is going to happen. The NIS Implementation Act is scheduled to be announced in March 2024 and then come into force in October 2024 if everything goes as planned.

To anyone who I had the pleasure of meeting at IT-SA, I hope you had a successful event and let’s meet again some time.

Malwarebytes Managed Detection and Response (MDR) simply and effectively closes your security resources gap, reduces your risk of unknown threats, and increases your security efficiency exponentially. Malwarebytes MDR staffs highly experienced Tier 2 and Tier 3 analysts who are hands-on with customer endpoints, ensuring critical threats are quickly identified and a thorough response is rapidly deployed.

Want to learn more about MDR? Get a free trial below.


Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.