By Qasem Noureddin – Managing Director, Eaton Middle East

The Middle East is on the brink of a digital revolution, with its data center industry poised for significant expansion. According to Mordor Intelligence, the Middle East data center market is expected to grow at a compound annual growth rate (CAGR) of over 8% from 2021 to 2026. This growth is driven by the rapid adoption of cloud computing, edge computing, and artificial intelligence (AI), alongside substantial investments in digital infrastructure, particularly in the UAE and Saudi Arabia.

In response to these dynamic trends, Eaton has implemented three strategic initiatives designed to position us as the ideal partner for data center solutions in the Middle East: the investment in NordicEPOD, the acquisition of Exertherm, and the launch of the 9395X UPS.

Eaton’s strategic investment in NordicEPOD AS, a former subsidiary of CTS Nordics, is a crucial step toward enhancing the development of large modular data centers in the Middle East. NordicEPOD’s expertise in designing and assembling standardized power modules will enable Eaton to reduce complexity, costs, and lead times.

This partnership is particularly vital as the region undergoes rapid digital transformation. By leveraging NordicEPOD’s capabilities, Eaton is better positioned to meet the increasing demand for scalable and efficient data center solutions, reinforcing our commitment to supporting the Middle East’s infrastructure development and digital economy.

The modular design of NordicEPOD’s power modules allows for rapid deployment and scalability, which is essential for the fast-paced growth in the Middle East. By standardizing power modules, NordicEPOD helps reduce the overall cost of building and maintaining data centers, making it more feasible for businesses to expand their digital infrastructure. Additionally, the pre-engineered systems minimize lead times, allowing data centers to become operational more quickly, meeting the region’s urgent demand for digital services.

The acquisition of Exertherm, a UK-based leader in continuous thermal monitoring solutions, significantly enhances Eaton’s portfolio. Given the Middle East’s unique climate challenges, Exertherm’s advanced thermal management solutions are particularly relevant. Now integrated into Eaton’s Brightlayer software suites, these solutions will assist regional customers in optimizing operations and enhancing business performance. Exertherm’s innovative technology ensures that critical electrical infrastructure operates safely and efficiently, addressing one of the most pressing concerns for data center operators in the Middle East.

Exertherm’s technology provides real-time thermal monitoring, crucial for maintaining the reliability and safety of data centers in the Middle East’s harsh climate. By identifying potential issues before they become critical, Exertherm helps reduce downtime and maintenance costs. Integrating thermal monitoring with Eaton’s Brightlayer suite allows for more informed decision-making, leading to better overall performance and efficiency.

The launch of the 9395X UPS, produced at Eaton’s state-of-the-art campus in Helsinki, signifies a major advancement in power management technology. Designed for hyperscale and colocation data centers, the 9395X UPS features silicon carbide converters, delivering superior energy efficiency and a compact footprint. This is particularly significant for data centers in the Middle East, where space and energy efficiency are critical. The 9395X UPS’s grid interactive capability allows operators to participate in energy markets, reducing total cost of ownership.

As the region progresses towards sustainable energy solutions, the 9395X UPS supports these goals by minimizing carbon emissions and maximizing operational efficiency. The silicon carbide converters in the 9395X UPS provide exceptional energy efficiency, crucial for reducing operational costs and supporting sustainability goals. Its compact design allows data centers to maximize the use of their physical space, enabling more equipment to be housed within the same footprint.

The UPS’s ability to interact with the grid means data centers can participate in energy markets, creating opportunities for cost savings and revenue generation. With advanced load-sharing technology and self-monitoring systems, the 9395X UPS ensures high reliability and reduces the need for frequent maintenance checks.

According to a report by Arizton, the data center market in the Middle East and Africa (MEA) is projected to attract investments exceeding $7 billion in 2024 alone. The UAE and Saudi Arabia are leading this growth, driven by initiatives such as Saudi Vision 2030 and the UAE’s National Strategy for Artificial Intelligence 2031. Eaton’s strategic initiatives are interconnected efforts creating a robust ecosystem of solutions tailored to the Middle East’s unique data center needs. By expanding our reach into the European data center market, enhancing our thermal monitoring capabilities, and introducing cutting-edge UPS technology, we are fostering synergies that enhance efficiency, reliability, and sustainability.

Eaton’s trio of strategic investments underscores our holistic approach to addressing the challenges and seizing the opportunities in the Middle East’s rapidly evolving data center market. By continuously innovating and expanding our capabilities, Eaton is not merely keeping pace with industry growth but actively driving it forward. We are committed to maintaining our position at the forefront of delivering excellence in power management and data center solutions, ensuring that the Middle East’s digital future is both robust and sustainable.

By Charles Smith, Consulting Solution Architect, Data Protection, Barracuda Networks (EMEA)

The constant string of attacks organisations face is an ever-present reminder of how important it is to have an up-to-date, readily accessible copy of everything that matters to your business. Resilient backups allow you to recover more quickly from data damage, disruption, or loss, particularly if a ransomware attack has resulted in encrypted or deleted files.

These are well-known and widely reported benefits of backups — but there’s more. Immutable data backups can also protect you from the underrated threats of data tampering and malicious insiders, unpredictable activities that can significantly damage brand trust and reputation if they’re not addressed.

Data tampering and manipulation

Data tampering such as deletion and manipulation have been called the “next level of cyberattacks.” While attacks on data integrity aren’t new, their growing sophistication in the age of generative AI will make them harder to spot.

The perpetrators could be external, such as activists or nation-state groups, but more often they are internal, disaffected insiders with broad access rights out for revenge, mischief, personal, or financial gain.

Hypothetical external incidents could include an attacker successfully breaching a stock market’s IT system to alter share price updates, leading to panic selling and financial chaos. There are also reported examples of malicious insiders trying to alter data records within their current or former company, changing passwords, disabling servers, deleting files, or engaging in cyberespionage.

Companies need defences that will detect and prevent any attempt at data tampering inside the network, but also provide them with a robust and accurate version of the truth that can restore the original data and set the record straight.

The double defence against data tampering

Your first layer of protection should be a security solution that includes strong access controls, data encryption, secure communication protocols, and AI-driven measures to detect and respond to anomalies that could signpost attempted data interference. The combined impact should prevent external attackers from being able to access your network and alter or delete data, and it should also block internal malicious actions by authorised users.

There is a second, equally important layer of defence: an immutable data backup. Immutable data cannot be changed or deleted. This means that if an attacker does manage to tamper with or manipulate your communications, documents, and more — your backup files are unaffected and can be used to restore data and prove beyond doubt where content has been falsified.

The many benefits of immutable backups

Immutable backups can help an organisation to recover from any incident where data is encrypted, deleted, damaged, tampered with, or lost.

1. They offer an extra line of defence against determined bad actors. Despite the security measures in place, determined attackers may find ways to compromise or bypass security controls. Immutable backups provide an extra safeguard by ensuring that even if the primary data is tampered with, the backup remains intact and unaltered.

• They protect the company from insiders with ill intent.  No one likes to think about insider threats. These are your colleagues after all. But our own recent research suggests that malicious insiders were the root cause of around a third (39%) of data breaches in the last year. Immutable backups help to protect against insider attacks, as they prevent authorised users from altering or erasing data.

• They mitigate the impact of ransomware. Immutable backups can protect against ransomware attacks by ensuring that a clean, unaltered copy of the data is available for restoration, reducing the impact and potential need to pay the ransom.

• They protect you from accidental data corruption. Data can be corrupted due to hardware failures, software bugs, or human error. Immutable backups help protect against these scenarios by providing a point-in-time copy of the data that cannot be modified or corrupted, allowing for reliable data restoration.

• They are essential for compliance and data protection regulations. Some industry sectors and regulatory frameworks require organisations to maintain immutable backups for data retention and compliance purposes. Immutable backups ensure the integrity and authenticity of the data.

By combining security measures with immutable backups, organisations can implement a resilient data protection strategy that addresses both major, common cyberthreats such as ransomware and underrated, unanticipated threats that could do just as much harm. With immutable backups, you’re ready for them all.

By Sarah Sabotka, Bryan Campbell, And The Proofpoint Threat Research Team

What happened 

Beginning April 24, 2024, and continuing daily for about a week, Proofpoint observed high-volume campaigns with millions of messages facilitated by the Phorpiex botnet and delivering LockBit Black ransomware. This is the first time Proofpoint researchers have observed samples of LockBit Black ransomware (aka LockBit 3.0) being delivered via Phorpiex in such high volumes. The LockBit Black sample from this campaign was likely built from the LockBit builder that was leaked during the summer of 2023.  

Messages were from “Jenny Green” with the email address of Jenny@gsd[.]com. The emails contained an attached ZIP file with an executable (.exe). This executable was observed downloading the LockBit Black payload from Phorpiex botnet infrastructure.  

The emails targeted organizations in multiple verticals across the globe and appeared to be opportunistic versus specifically targeted. While the attack chain for this campaign was not necessarily complex in comparison to what has been observed on the cybercrime landscape so far in 2024, the high-volume nature of the messages and use of ransomware as a first-stage payload is notable.  

The attack chain requires user interaction and starts when an end user executes the compressed executable in the attached ZIP file. The .exe binary will initiate a network callout to Phorpiex botnet infrastructure. If successful, the LockBit Black sample is downloaded and detonated on the end user’s system, where it exhibits data theft behavior and seizes the system, encrypting files and terminating services. In an earlier campaign, the ransomware was directly executed, and no network activity was observed, preventing network detections or blocks. 

Attribution 

Proofpoint Threat Research has not attributed this campaign to a known threat actor. Phorpiex is a basic botnet designed to deliver malware via high-volume email campaigns. It operates as a Malware-as-a-Service and has garnered a large portfolio of threat actor customers over more than a decade of operation (earlier versions were first observed on the threat landscape circa 2011). Since 2018, the botnet has been observed conducting data exfiltration and ransomware delivery activities. Despite disruption efforts throughout the years, the botnet persists.  

Proofpoint has observed a cluster of activity using the same “Jenny Green” alias with lures related to “Your Document” delivering Phorpiex malware in email campaigns since at least January 2023.  

LockBit Black (aka LockBit 3.0) is a version of LockBit ransomware that was officially released with upgraded capabilities by the ransomware affiliates in June 2022. In September 2022, the confidential ransomware builder was leaked via Twitter. At the time, multiple parties claimed attribution, but LockBit affiliates claimed the builder was leaked by a disgruntled developer. The leak allows anyone to adopt the configuration for customized versions.  

Why it matters 

Ransomware as a first-stage payload attached to email threat campaigns is not something Proofpoint has observed in high volumes since before 2020, so the observation of a LockBit Black sample in email threat data on this global scale is highly unusual. Additionally, this campaign has been particularly notable due to the high volume of messages in the millions per day, volumes not commonly observed on the landscape. The number of messages and cadence associated with recently observed LockBit Black campaigns are at a volume not seen in malspam since Emotet campaigns. 

The LockBit Black builder has provided threat actors with access to proprietary and sophisticated ransomware. The combination of this with the longstanding Phorpiex botnet amplifies the scale of such threat campaigns and increases chances of successful ransomware attacks. This campaign is another good example of how the threat landscape continues to change, underscored by recurring and significant shifts and pivots in the tactics, techniques, and procedures (TTPs) used by threat actors.