News
RIVERBED IT TRENDS AND PREDICTIONS FOR 2014 IN THE MIDDLE EAST
By Taj El Khayat, General Manager for MENA at Riverbed Technology
Riverbed IT Trends and Predictions for 2014 in the Middle East
In 2014 enterprise IT teams should seek to harness the power of change. Savvy IT organizations understand that the right technology can positively impact their business. These organizations are responding to the need for change by seeking to harness those technologies that can differentiate their business, provide a better customer experience and ultimately help them gain a competitive edge.
In order to help companies embrace change, deliver a positive user experience and focus on solving business performance challenges, Riverbed has put together a list of the Top 8 Trends that will impact IT organizations in 2014 in the Middle East.
Governments role in innovation increases (globally) – Governments will increasingly become involved in technology, investing in a broad range of applications – from home-grown innovation incubators to local manufacturing sites that create jobs and manage geopolitical risk. In 2014, expect other governments such as the UAE government to follow suite as this trend will drive economic growth and competitive technologies across the globe.
Software defined everything hits production – A software-defined infrastructure is about decoupling the hardware that executes the data transactions from the software layer that orchestrates them. Rather than individual elements (compute, storage, and networking), infrastructure will be treated as a set of resources required for specific workloads. The goal is about using software to create an underlying infrastructure that can be managed holistically as part of the business. In this world, the application, end-user and the business are king. In 2014 we will see organizations finally implement software-defined architectures to achieve continued flexibility and control. Expect individual terms like “software defined networking” and “software defined storage” – which are just means to an end – to give way to larger concepts around the software defined data center and software defined branch.
Big data drives public cloud storage – In 2014, Big Data gets even bigger with the additional information being created by the “Internet of Things”. In 2014, companies will have evolved their people, process, and technology enough to yield significant business value from Big Data investments. This rise of big data applications puts unprecedented pressure on storage strategies and technologies. In 2014 expect two things: 1) in house, companies need to find a combination of robust storage hardware and software that allow for quick access to relevant information; and 2) as data storage needs increase, more companies will turn to cheaper and more available public storage cloud services to offset spiraling costs.
Enterprises start monitoring Personal Clouds – Personal cloud allows users to have access to use whatever device they want all while having constant access to the content and services they want to use, whether community (Facebook, news sites, etc), personal (photos, hobbies, music) or professional data (work related applications). In 2014, personal cloud services will outpace the growth of enterprise cloud services due to the continued growth of mobile computing, the growing number of mobile applications, and the growth in number of devices owned and used for personal use (personal cloud can drive an average of up 3 devices per employee.) IT won’t “own” or regulate these clouds, but will start monitoring them in 2014 to ensure sensitive data is not at risk.
Consumerization forces IT to measure customer satisfaction – Consumerization shifts power from the IT organization to the users (whether employees or customers). As the power of the individual continues to grow, IT organizations must adapt to their users – whether employees or customers. User expectations are transforming the way IT organizations do business. In 2014, IT organizations will respond by implementing metrics and measuring the satisfaction of their employee “customers.” Expect tried-and-true concepts like Net Promoter Score to become a mainstay in how IT evaluates its overall effectiveness.
DevOps teams become the norm, not the exception – DevOps started as an offshoot of Agile development, with a focus on achieving continuous delivery, will continue to catalyze change across IT departments in how teams from different IT domains will collaborate, which tools are employed to facilitate friction-less delivery, and the skill-sets that become increasingly desirable. Today, dedicated DevOps teams are found in hardware and software companies, as well as a fraction of progressive enterprise IT departments. In 2014, expect specific DevOps team to sprout up in all large enterprises.
Monolithic cloud strategies fade – Companies are moving towards automating the dynamic shifting of workloads from one cloud service to another for optimum performance, price and availability. IT will gain experience and confidence in moving a workload out of the path of a mega-storm (like Sandy), or to a lower cost service provider, or to a service provider closer to the end-user so the latency is minimized. In 2014, companies will move beyond the “I have a cloud strategy” to “I have a multi-cloud strategy.”
Industrial Internet gets vertical (sometimes called the Internet of Things) – As more objects become embedded with sensors and gain the ability to communicate, the resulting information networks promise to create new business models, improve business processes and reduce costs and risks. Many industries are gaining a competitive advantage from “connectedness” – among them: fleet management (for tracking goods and vehicles), consumer electronics and retail (stock control). Manufacturing, oil and gas, automotive, security, transport and even environmental management (smart cities) are gaining in this area. In 2014, adoption increases as companies continue to search for competitive advantages that also drive cost savings.
Financial
Corporate Group and PwC sign MoU to build pathways, connecting academic excellence with corporate success
Corporate Group and PwC Academy Middle East have officially signed a Memorandum of Understanding (MoU), launching a strategic collaboration aimed at empowering the next generation of young professionals by bridging the gap between academic learning and real-world corporate experience. This initiative seeks to provide ambitious students with a clear pathway into the corporate world, equipping them with the skills and hands-on experience necessary to thrive in today’s competitive marketplace.
Mohamed Osman, Chairman and Co-Founder of Corporate Group, said: “Our partnership with PwC marks a pivotal step in shaping the future of our industry by equipping the next generation with practical experience, essential skills, and deep knowledge. Together, we’re committed to fostering talent in the UAE, and we look forward to making a lasting impact on the emerging workforce.”
This partnership leverages Corporate Group’s deep industry expertise and PwC Academy’s exceptional educational platform, allowing students to apply theoretical knowledge in a practical, dynamic setting.
Taimur Ali Mir, PwC Partner and Professional Qualifications lead at PwC Academy, added: “This collaboration further reinforces our commitment to enabling the workforce of the future with the right knowledge, skills, and mindset required to thrive in today’s dynamic financial landscape. We look forward to working with Corporate Group to deliver impactful and meaningful experiences that support the region’s talent development needs.”
Participants will gain firsthand exposure to real corporate challenges, deepening their understanding of business operations and developing the mindset, confidence, and problem-solving skills required to drive meaningful change.
Unlike traditional academic programs, this collaboration emphasises real-world readiness. Graduates will be fully equipped to enter the workforce as active contributors, ready to make an immediate and impactful difference within their organisations. They will be empowered to tackle complex problems, make informed decisions, and lead with purpose from day one—ultimately contributing to the sustained growth of the region’s business ecosystem.
News
PNY Announces Strategic Partnership with METRA
PNY is pleased to announce the establishment of a strategic partnership with METRA, recognized as the region’s fastest-growing IT Value Added Distributor.
With a dynamic team of over 500 regional employees, METRA collaborates with a network of over 30 distinguished vendors, as well as 6500 partners and resellers. Their focus on delivering exceptional value-added services and regional expertise has propelled their rapid growth and positioned them as a trusted leader in the industry.
PNY is proud of this new collaboration. The company will bring its extensive expertise and the power of NVIDIA AI solutions, from AI workstations to data centers, to this partnership.
Providing cutting-edge solutions such as NVIDIA Professional Visualization, NVIDIA TESLA, and NVIDIA DGX solutions, PNY helps improve the creativity, productivity, and performance of users. PNY’s technology partnerships are constantly evolving to stay up to date with the latest innovations. PNY proposes a full spectrum of high value-added solutions in HPC and Artificial Intelligence environments.
Through this collaboration, PNY and METRA aim to leverage their combined strengths to offer advanced technology solutions that meet the growing demands of the IT and AI sectors. This partnership marks a significant step forward in delivering unparalleled value and expertise to customers across the region.
News
The Malware That Must Not Be Named: Suspected Espionage Campaign Delivers “Voldemort”
In August 2024, Proofpoint researchers identified an unusual campaign using a novel attack chain to deliver custom malware. The threat actor named the malware “Voldemort” based on internal filenames and strings used in the malware.
The attack chain comprises multiple techniques currently popular within the threat landscape as well as uncommon methods for command and control (C2), like the use of Google Sheets. Its combination of tactics, techniques, and procedures (TTPs), lure themes impersonating government agencies of various countries, and odd file naming and passwords like “test” are notable. Researchers initially suspected the activity may be a red team. However, the large volume of messages and analysis of the malware very quickly indicated it was a threat actor.
Proofpoint assesses with moderate confidence this is likely an advanced persistent threat (APT) actor with the objective of intelligence gathering. However, Proofpoint does not have enough data to attribute with high confidence to a specific named threat actor (TA). Despite the widespread targeting and characteristics more typically aligned with cybercriminal activity, the nature of the activity and capabilities of the malware show more interest in espionage rather than financial gain at this time.
Voldemort is a custom backdoor written in C. It has capabilities for information gathering and to drop additional payloads. Proofpoint observed Cobalt Strike hosted on the actor’s infrastructure, and it is likely that is one of the payloads that would be delivered.
Beginning on 5 August 2024, the malicious activity included over 20,000 messages impacting over 70 organizations globally. The first wave of messages included a few hundred daily but then spiked on 17 August with nearly 6,000 total messages.
Messages purported to be from various tax authorities notifying recipients about changes to their tax filings. Throughout the campaign, the actor impersonated tax agencies in the U.S. (Internal Revenue Service), the UK (HM Revenue & Customs), France (Direction Générale des Finances Publiques), Germany (Bundeszentralamt für Steuern), Italy (Agenzia delle Entrate), and from August 19, also India (Income Tax Department), and Japan (National Tax Agency). Each lure was customized and written in the language of the authority being impersonated.
Proofpoint analysts correlated the language of the email with public information available on a select number of targets, finding that the threat actor targeted the intended victims with their country of residence rather than the country that the targeted organization operates in or country or language that could be extracted from the email address. For example, certain targets in a multi-national European organization received emails impersonating the IRS because their publicly available information linked them to the US. In some cases, it appears that the threat actor mixed up the country of residence for some victims when the target had the same (but uncommon) name as a more well-known person with a more public presence. Emails were sent from suspected compromised domains, with the actor including the agency’s real domain in the email address.
The threat actor targeted 18 different verticals, but nearly a quarter of the organizations targeted were insurance companies. Aerospace, transportation, and university entities made up the rest of the top 50% of organizations targeted by the threat actor.
Proofpoint does not attribute this activity to a tracked threat actor. Based on the functionality of the malware and collected data observed when examining the Sheet, information gathering was one objective of this campaign. While many of the campaign characteristics align with cybercriminal threat activity, we assess this is likely espionage activity conducted to support as yet unknown final objectives.
The Frankensteinian amalgamation of clever and sophisticated capabilities, paired with very basic techniques and functionality, makes it difficult to assess the level of the threat actor’s capability and determine with high confidence the ultimate goals of the campaign. It is possible that large numbers of emails could be used to obscure a smaller set of actual targets, but it’s equally possible the actors wanted to genuinely infect dozens of organizations. It is also possible that multiple threat actors with varying levels of experience in developing tooling and initial access worked on this activity. Overall, it stands out as an unusual campaign.
The behavior combines a variety of recently popular techniques observed in several disparate campaigns from multiple cybercriminal threat actors that have used similar techniques as part of ongoing experimentation across the initial access ecosystem. Many of the techniques used in the campaign are observed more frequently in the cybercriminal landscape, demonstrating that actors engaging in suspected espionage activity often use the same TTPs as financially motivated threat actors.
While the activity appears to align with espionage activity, it is possible that future activities associated with this threat cluster may change this assessment. In that case, it would indicate cybercriminal actors, while demonstrating some typical e-crime delivery characteristics, used customized malware with unusual features currently only available to the operators and not abused in widespread campaigns, as well as very specific targeting not normally seen in financially motivated campaigns.
Defense against observed behaviors includes restricting access to external file sharing services to only known, safelisted servers; blocking network connections to TryCloudflare if it is not required for business purposes; and monitoring and alerting on use of search-ms in scripts and suspicious follow-on activity such as LNK and PowerShell execution.
Proofpoint reached out to our industry colleagues about the activities in this report abusing their services, and their collaboration is appreciated.
-
Tech News2 months ago
Denodo Bolsters Executive Team by Hiring Christophe Culine as its Chief Revenue Officer
-
Tech Interviews6 months ago
Navigating the Cybersecurity Landscape in Hybrid Work Environments
-
Features4 months ago
Security in the Cloud Age: Combating Risks with Hybrid Cloud Solutions
-
Tech News6 months ago
Brighton College Abu Dhabi and Brighton College Al Ain Donate 954 IT Devices in Support of ‘Donate Your Own Device’ Campaign
-
Tech Features3 months ago
The Middle East to Lead with Next-generation Mission Critical Communication Advancement
-
Automotive7 months ago
Al-Futtaim Automotive Builds On 23-Year Legacy of Trust & Leadership in UAE’s Pre-Owned Car Market to Sell Over 25,000 Used Vehicles in 2023
-
Tech News9 months ago
Senet enters MENA’s Competitive Gaming Scene with ‘skill-to-earn’ Platform
-
Tech Features8 months ago
How Telecommunications Providers Can Best Tackle DDoS Attacks