Infosecurity Europe 2024 Key Findings: AI-Driven Cyber Threats, MFA Bypass, and Supply Chain Vulnerabilities Impacting Microsoft 365, Google Workspace, and Okta

Executive Summary

Publication Date: June 7, 2024

Infosecurity Europe 2024 convened in London as one of the most influential cybersecurity events of the year, drawing thousands of professionals, vendors, and researchers from across the globe. The conference served as a crucible for the latest threat intelligence, exploitation techniques, and mitigation strategies, with a pronounced focus on AI-driven attacks, supply chain vulnerabilities, advanced MFA bypass tactics, and the rapidly evolving regulatory landscape. This advisory report distills the most critical technical insights, exploitation trends, and actionable recommendations discussed at the event, providing Rescana customers with a comprehensive, OSINT-based perspective on the current threat environment.

Technical Information

Infosecurity Europe 2024 underscored the accelerating sophistication of cyber threats, particularly those leveraging artificial intelligence, exploiting authentication weaknesses, and targeting the software supply chain. The following sections provide a detailed technical analysis of the most salient topics, tools, and real-world exploitation scenarios highlighted during the conference.

AI-Driven Threats and Exploitation

The proliferation of AI-powered attack tools has fundamentally altered the threat landscape. Deepfake-enabled social engineering, automated exploit generation, and AI-driven denial-of-service (DoS) attacks were central themes. Losses attributed to deepfakes reached $1.3 billion in 2023, with open-source tools such as DeepFaceLab enabling adversaries to craft highly convincing synthetic videos and audio. These assets are weaponized in business email compromise (BEC) and executive impersonation schemes, often bypassing traditional verification controls.

AI is also being used to automate the discovery and exploitation of vulnerabilities. Attackers are leveraging large language models (LLMs) like ChatGPT to generate proof-of-concept (PoC) code for known CVEs, accelerating the weaponization of newly disclosed flaws. The conference emphasized the necessity of robust AI threat modeling, including a granular understanding of data flows, model training data, and the potential for adversarial manipulation.

Relevant MITRE ATT&CK techniques include T1204 (User Execution), T1566 (Phishing), and T1584 (Compromise Infrastructure). Deepfake-enabled social engineering aligns closely with these TTPs, as attackers exploit human trust and technical controls simultaneously.

MFA Bypass and Credential Attacks

A major highlight was the demonstration of advanced MFA bypass techniques using adversary-in-the-middle (AiTM) phishing kits such as Evilginx2. These tools proxy authentication flows, intercepting session tokens and rendering traditional MFA (including TOTP, SMS, and push-based methods) ineffective against sophisticated phishing campaigns. The session "How to Hack the World’s Most Popular MFA Solution" by Al Lakhani (IDEE GmbH) showcased real-world exploitation of widely deployed authentication platforms, including Microsoft 365, Google Workspace, and Okta.

Despite the adoption of MFA, attackers are increasingly successful at session hijacking and credential theft. The event stressed the urgent need for phishing-resistant authentication mechanisms, such as FIDO2/U2F hardware keys and passkeys, which are less susceptible to AiTM attacks. However, even these controls require rigorous testing and user education, as attackers rapidly adapt their tactics.
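To make the origin-binding argument concrete, the following is an added illustration written for this summary; it is not code from the conference session, from Evilginx2, or from any of the platforms named above. It models the three parties in a WebAuthn login (authenticator, browser, relying party) and shows why an assertion relayed through a proxy on another domain fails verification while a relayed TOTP code does not. Assumptions: HMAC-SHA256 with a per-credential secret stands in for the authenticator's ECDSA key pair (the rpId scoping and the signed-data layout, authenticatorData followed by SHA-256 of clientDataJSON, follow the WebAuthn spec), and all origins, challenges and secrets are constructed sample values.

```python
import hashlib
import hmac
import json
import struct
import time
from urllib.parse import urlparse


class Authenticator:
    """Toy FIDO2 authenticator. Assumption: HMAC with a per-credential secret
    replaces the real asymmetric signature; credential scoping is as in WebAuthn."""

    def __init__(self):
        self._credentials = {}  # rp_id -> (credential_id, secret)

    def make_credential(self, rp_id):
        cred_id = hashlib.sha256(f"cred:{rp_id}".encode()).hexdigest()[:16]
        secret = hashlib.sha256(f"secret:{rp_id}".encode()).digest()  # constructed, deterministic
        self._credentials[rp_id] = (cred_id, secret)
        return cred_id, secret  # the relying party stores these at registration

    def get_assertion(self, rp_id, client_data_hash):
        if rp_id not in self._credentials:  # a credential only exists for the rpId it was created for
            return None
        cred_id, secret = self._credentials[rp_id]
        auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01"  # rpIdHash || flags (UP set)
        signature = hmac.new(secret, auth_data + client_data_hash, hashlib.sha256).digest()
        return cred_id, auth_data, signature


def browser_get_assertion(authenticator, page_origin, rp_id, challenge):
    """The browser writes the page's real origin into clientDataJSON and refuses an rpId
    that is not the page host or a registrable suffix of it (simplified suffix rule)."""
    host = urlparse(page_origin).hostname or ""
    if not (host == rp_id or host.endswith("." + rp_id)):
        return None
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                              "origin": page_origin}).encode()
    result = authenticator.get_assertion(rp_id, hashlib.sha256(client_data).digest())
    if result is None:
        return None
    cred_id, auth_data, signature = result
    return {"credential_id": cred_id, "client_data": client_data,
            "auth_data": auth_data, "signature": signature}


def rp_verify(assertion, expected_origin, rp_id, expected_challenge, stored_secret):
    """Relying-party checks: challenge freshness, origin binding, rpIdHash, signature."""
    if assertion is None:
        return False
    cd = json.loads(assertion["client_data"])
    if cd.get("type") != "webauthn.get" or cd.get("challenge") != expected_challenge:
        return False
    if cd.get("origin") != expected_origin:  # a proxied login carries the phishing origin here
        return False
    if assertion["auth_data"][:32] != hashlib.sha256(rp_id.encode()).digest():
        return False
    signed = assertion["auth_data"] + hashlib.sha256(assertion["client_data"]).digest()
    expected_sig = hmac.new(stored_secret, signed, hashlib.sha256).digest()
    return hmac.compare_digest(expected_sig, assertion["signature"])


def totp(secret, t=None, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1); included only to contrast with the origin-bound assertion."""
    counter = int((time.time() if t is None else t) // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


def demo():
    rp_id, rp_origin = "example.com", "https://login.example.com"        # constructed
    phish_origin = "https://login.example-com.net"                        # constructed proxy origin
    auth = Authenticator()
    _cred_id, secret = auth.make_credential(rp_id)
    challenge = "c3VwZXItcmFuZG9t"  # constructed; a real RP issues fresh random bytes per login

    legit = rp_verify(browser_get_assertion(auth, rp_origin, rp_id, challenge),
                      rp_origin, rp_id, challenge, secret)
    # Proxy relays the RP's real challenge and rpId: the browser refuses the rpId for this host.
    relayed_rp_id = rp_verify(browser_get_assertion(auth, phish_origin, rp_id, challenge),
                              rp_origin, rp_id, challenge, secret)
    # Proxy asks for its own rpId instead: the authenticator holds no credential for it.
    relayed_own_id = rp_verify(browser_get_assertion(auth, phish_origin, "example-com.net", challenge),
                               rp_origin, rp_id, challenge, secret)
    # A TOTP code typed into the proxied page is forwarded unchanged and still verifies.
    totp_secret, now = b"constructed-shared-secret", 1_717_718_400
    relayed_totp = hmac.compare_digest(totp(totp_secret, now), totp(totp_secret, now))
    return {"fido_legit": legit, "fido_relayed_rp_id": relayed_rp_id,
            "fido_relayed_own_id": relayed_own_id, "totp_relayed": relayed_totp}


if __name__ == "__main__":
    print(demo())
```

The point for defenders is that nothing a proxy can do changes the origin the browser records or the rpId the authenticator signs under, so the assertion never verifies at the real relying party; a one-time code has no such binding, which is why relaying it works. Running the block prints the four outcomes side by side.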

Key MITRE ATT&CK techniques observed include T1110 (Brute Force), T1556 (Modify Authentication Process), and T1111 (Two-Factor Authentication Interception). In-the-wild exploitation has been attributed to groups such as FIN7, APT29, and various financially motivated cybercriminals.

Supply Chain and Software Security

The software supply chain remains a high-value target, with modern SDLC practices and the ubiquity of open-source dependencies expanding the attack surface. Tools like JFrog Artifactory and Synopsys Black Duck are increasingly deployed to manage and scan software artifacts for vulnerabilities, but the sheer volume of dependencies (over 1.6 million apps on the App Store alone) complicates comprehensive risk management.

Recent high-profile supply chain attacks, including the MOVEit Transfer (CVE-2023-34362) exploitation by the Cl0p ransomware group and the enduring impact of the SolarWinds Orion compromise, were dissected in detail. These incidents underscore the necessity of continuous dependency monitoring, threat modeling, and developer security training.

Relevant MITRE ATT&CK techniques include T1195 (Supply Chain Compromise) and T1199 (Trusted Relationship). The conference highlighted the importance of integrating software composition analysis (SCA) and interactive application security testing (IAST) into CI/CD pipelines to detect and remediate vulnerabilities before deployment.
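As an added example of the CI/CD gate this paragraph recommends (written for this summary, not code from JFrog, Synopsys, Invicti or any other product named on the page), the block below reads a pinned lockfile, matches each dependency against an advisory feed with introduced/fixed version ranges, and fails the build when any pinned version falls inside a vulnerable range. The lockfile contents, the advisory entries and their ADV-PLACEHOLDER identifiers are all constructed; a real pipeline would pull advisories from a source such as OSV or the GitHub Advisory Database, or from a commercial SCA tool.

```python
import re

# Constructed lockfile (pinned requirements) as a CI job would read it from the repository.
LOCKFILE = """\
requests==2.25.0
urllib3==1.26.4
pyyaml==5.4.1
jinja2==3.1.4
"""

# Constructed advisory feed: package -> advisories with a half-open vulnerable range
# [introduced, fixed). Identifiers are placeholders, not real advisory numbers.
ADVISORIES = {
    "requests": [{"id": "ADV-PLACEHOLDER-1", "introduced": "0", "fixed": "2.31.0"}],
    "urllib3":  [{"id": "ADV-PLACEHOLDER-2", "introduced": "1.0.0", "fixed": "1.26.5"}],
    "pyyaml":   [{"id": "ADV-PLACEHOLDER-3", "introduced": "0", "fixed": "5.4"}],
}

REQ_RE = re.compile(r"^([A-Za-z0-9_.\-]+)==([0-9][0-9A-Za-z.\-]*)$")


def parse_version(v):
    """Numeric-tuple version key; good enough for dotted release versions."""
    return tuple(int(p) for p in re.findall(r"\d+", v)) or (0,)


def parse_lockfile(text):
    """Return {package: version}. Anything not pinned with '==' is rejected, because an
    unpinned dependency cannot be matched against a version range."""
    deps = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = REQ_RE.match(line)
        if not m:
            raise ValueError(f"unpinned or malformed requirement: {line!r}")
        deps[m.group(1).lower()] = m.group(2)
    return deps


def is_affected(version, adv):
    v = parse_version(version)
    return parse_version(adv["introduced"]) <= v < parse_version(adv["fixed"])


def scan(deps, advisories):
    findings = []
    for name, version in sorted(deps.items()):
        for adv in advisories.get(name, []):
            if is_affected(version, adv):
                findings.append({"package": name, "version": version,
                                 "advisory": adv["id"], "fixed": adv["fixed"]})
    return findings


def ci_gate(lock_text, advisories):
    """Returns (passed, findings); a CI step would exit non-zero when passed is False."""
    findings = scan(parse_lockfile(lock_text), advisories)
    return len(findings) == 0, findings


if __name__ == "__main__":
    passed, found = ci_gate(LOCKFILE, ADVISORIES)
    for f in found:
        print(f"{f['package']}=={f['version']} matches {f['advisory']}, fixed in {f['fixed']}")
    raise SystemExit(0 if passed else 1)
```

Two design choices matter in practice: the gate refuses to evaluate unpinned dependencies rather than silently passing them, and it reports the fixed version so the remediation is a one-line change in the lockfile. With the constructed data above, pyyaml 5.4.1 is at or past the fixed version and is not reported, while requests and urllib3 are.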

Regulatory and Compliance Shifts

The regulatory environment is evolving rapidly, with frameworks such as GDPR, DORA, and NIS2 imposing stricter breach reporting timelines and expanding the scope of direct liability for CISOs and organizations. Some regulations now require "immediate" breach notification, a significant reduction from the previous 72-hour window. Non-compliance can result in substantial financial penalties and reputational damage.

Sessions at Infosecurity Europe emphasized the need for automated incident response playbooks, rapid password reset capabilities, and robust crisis management protocols to meet these new regulatory demands. Organizations must also ensure that their third-party risk management (TPRM) programs are aligned with evolving legal requirements, particularly in the context of supply chain security.

Human Factors and Burnout

Human error and burnout remain persistent challenges. According to data presented at the conference, 83% of cybersecurity departments experienced breaches or mistakes attributable to staff fatigue and resource shortages. The ongoing skills gap exacerbates this risk, as overworked teams struggle to keep pace with the volume and complexity of modern threats.

The event advocated for increased investment in cybersecurity training, mental health support, and automation to reduce the cognitive load on security teams. Platforms like Hack The Box were highlighted as effective tools for continuous skill development and real-world scenario training.

Notable Tools and Solutions

Several tools and platforms were prominently featured for their roles in both offensive and defensive operations:

- Evilginx2: open-source phishing kit designed for MFA bypass via AiTM attacks.
- DeepFaceLab: enables the creation of deepfake videos for social engineering and fraud.
- JFrog Artifactory and Synopsys Black Duck: artifact management and open-source vulnerability scanning, respectively.
- Invicti (Netsparker): IAST and SCA capabilities for real-time vulnerability detection.
- Hack The Box: hands-on CTF and training labs for cybersecurity professionals.

Recent Breaches and Exploitation in Europe (2024)

Europe has witnessed a significant surge in data breaches, with 33,471 incidents registered in 2024—a 65% year-over-year increase. The majority of these breaches involved phishing, supply chain compromise, and credential theft. Notable exploits include the MOVEit Transfer vulnerability (CVE-2023-34362), which was leveraged by the Cl0p ransomware group, and deepfake-enabled BEC attacks targeting finance and HR departments.

IOCs and Threat Actor Activity

Prominent APT groups active in the European threat landscape include Cl0p (specializing in supply chain attacks), FIN7 (credential theft and phishing), and Lazarus Group (deepfake-enabled social engineering and supply chain compromise). Indicators of compromise (IOCs) associated with these actors include domains mimicking Microsoft, Google, and Okta login pages, as well as IP addresses and URLs linked to recent phishing campaigns. Deepfake video samples and hashes are cataloged by organizations such as DFRLab.
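The IOC class named above, domains imitating Microsoft, Google and Okta login pages, lends itself to a simple detection over web-proxy logs. The block below is an added example written for this summary (not code from PhishLabs, DFRLab or any vendor on the page): it parses constructed proxy log lines and flags requests to hosts that are within a small edit distance of a known legitimate login host, or that carry a brand keyword without being on the allowlist. The allowlist, the brand tokens and every log line are constructed sample values; an organisation would maintain its own allowlist, and the tenant host example.okta.com is a placeholder.

```python
import re
from urllib.parse import urlparse

# Constructed allowlist of legitimate login hosts; an organisation maintains its own.
LEGIT_HOSTS = {"login.microsoftonline.com", "accounts.google.com", "example.okta.com"}
BRAND_TOKENS = ("microsoft", "office", "google", "okta")

# Constructed proxy log lines: "<timestamp> <user> <method> <url> <status>".
PROXY_LOG = """\
2024-06-07T09:12:01Z alice GET https://login.microsoftonline.com/common/oauth2/authorize 200
2024-06-07T09:14:33Z bob GET https://login.micr0softonline.com/common/oauth2/authorize 200
2024-06-07T09:15:02Z bob POST https://login.micr0softonline.com/common/login 302
2024-06-07T09:20:45Z carol GET https://accounts.google.com/signin/v2 200
2024-06-07T09:31:10Z dave GET https://okta-login-verify.com/login/login.htm 200
2024-06-07T09:40:00Z erin GET https://www.wikipedia.org/ 200
malformed line that the parser should skip
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+) (\d{3})$")


def edit_distance(a, b):
    """Levenshtein distance with a rolling row; hostnames are short, so O(n*m) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def suspicious_host(host):
    """Return a reason string if the host looks like an impersonation, else None."""
    host = host.lower()
    if host in LEGIT_HOSTS:
        return None
    for legit in sorted(LEGIT_HOSTS):
        if edit_distance(host, legit) <= 2:  # typosquat / homoglyph-style lookalike
            return f"lookalike of {legit}"
    if any(tok in host for tok in BRAND_TOKENS):
        return "brand keyword in non-allowlisted host"
    return None


def scan_log(text):
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # tolerate malformed lines instead of aborting the whole scan
        ts, user, method, url, _status = m.groups()
        host = urlparse(url).hostname or ""
        reason = suspicious_host(host)
        if reason:
            findings.append({"ts": ts, "user": user, "host": host, "reason": reason,
                             "credential_post": method == "POST"})  # POST to a lookalike = likely submitted creds
    return findings


if __name__ == "__main__":
    for f in scan_log(PROXY_LOG):
        flag = " [credential submission]" if f["credential_post"] else ""
        print(f"{f['ts']} {f['user']} -> {f['host']}: {f['reason']}{flag}")
```

The credential_post field is the triage hint a responder wants first: a GET to a lookalike host may be a user who closed the tab, whereas a POST to it is the moment a password (and, with AiTM, a session token) most likely left the organisation, which is the trigger for the rapid password-reset and session-revocation steps discussed elsewhere in this report.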

Mitigation Strategies

To counter the advanced threats discussed at Infosecurity Europe 2024, organizations should:

- Adopt phishing-resistant MFA solutions, such as U2F hardware keys and passkeys, and rigorously test them against AiTM phishing kits like Evilginx2.
- Implement comprehensive AI/ML threat modeling and data governance controls to mitigate the risks posed by adversarial AI.
- Continuously scan and monitor software supply chain dependencies using tools like JFrog Artifactory and Synopsys Black Duck.
- Provide regular training for staff on deepfake and AI-enabled social engineering detection, leveraging platforms such as Hack The Box.
- Prepare for rapid breach reporting and crisis management by developing and testing automated incident response playbooks and password reset procedures.

References

Infosecurity Europe 2024 Notes by Anatolii Popov (LinkedIn)
heyData: GDPR Data Protection Breaches 2024
Evilginx2 GitHub
DeepFaceLab GitHub
JFrog Security
Synopsys Black Duck
PhishLabs Evilginx IOC Blog
MITRE ATT&CK Framework
MOVEit CVE-2023-34362 NVD
DFRLab Deepfake Analysis
CERT-EU Advisory 2024-027

Rescana is here for you

Rescana’s advanced TPRM platform empowers organizations to continuously monitor, assess, and mitigate third-party and supply chain risks in real time. Our platform leverages cutting-edge automation and OSINT to provide actionable insights, helping you stay ahead of emerging threats and regulatory requirements. For any questions or to discuss how Rescana can support your cybersecurity strategy, please contact us at ops@rescana.com.