Tech News
Digital Identity: Enabling MEA eGoverment Entities to Enhance Experiences while Cutting Costs
By Uday Shankar Kizhepat, Vice President and General Manager- Middle East and Africa Region, WSO2
We live digitally. Much of our professional work is digital, as is much of our leisure time. Our commercial activity – shopping, service subscription, banking, and more – is digital. And our government is digital. No doubt governance itself requires the wisdom of individuals. But the transactional part – filing, requesting, registering, licensing, and so on – is digital. Governments in the Middle East and Africa (MEA) know they have an opportunity, with today’s technologies, to streamline transactional government functions while cutting costs.
One way to do this is to introduce digital identities. By allowing each citizen to be recognized by their “bytes essence,” public authorities open the door to transformative programs that use these trusted online personas to get things done reliably and rapidly. Many regional nations are acknowledging the potential of digital ID systems and have cultivated track records for themselves in areas such as boosted citizen engagement and enhanced accuracy of outcomes.
Digital IDs offer a practical means to ensure useability when new e-government services come online. Identity verification, service accessibility, and data protection are three major, long-standing challenges encountered by regional governments on their digital transformation journeys. The digital ID solves all of them. It offers an elegant solution to the verification issue, obviously, but its simplicity enhances accessibility, and its security features protect data.
The ’Guarantee’
The digital identity may look straightforward, but its elegance is built on a toolbox of advanced technologies such as biometrics, encryption, and blockchain. These building blocks come together to give a guarantee of authenticity when an individual presents their credentials to an online gatekeeper. And we should not use the word “guarantee” lightly. It lies at the core of the viability of any authentication system offered by a government. When waved through the door, verified users can access tax history and health records. They can pay bills or register with a government agency. If verification is erroneous, a host of problems can arise.
The digital ID is a holistic, citizen-centric approach that strikes a balance between security and performance and yet does not compromise either. It eliminates bureaucratic bottlenecks and elevates the citizen experience without the public-sector agency ever relinquishing control of any part of the process. But how? How do digital IDs allow government services to operate at peak efficiency and grant seamless access to every citizen while not faltering when it comes to risk management? How do responsive, always-on services guarantee privacy and security? Well, the answer comes full circle, back to digital transformation.
Governments in the Arab Gulf region mention digital transformation frequently in published guidelines that map the way to economic diversification. These same guidelines apply to the government itself, which must set about transforming systems, processes, and functions to prepare for digital IDs and the world they promise – one in which a digital service provider can offer both seamless access and security. Complexities come from the scale and interconnectedness of operations, and the need for every shred of data, every machine-to-machine process, and every user session to be secure. Regulatory obligations must be juggled with budgetary constraints while technology leaders play intermediary to vying stakeholder factions within the organisation. It is easy to see how challenging it might be to maintain interoperability and data-sharing in such a fraught environment.
Of course, none of this will deter government organisations in the MEA region. They know what the hurdles are, but they also know what is to be gained – smoother services that cost less to provide while engendering greater citizen trust and in fact are leading the way in some of these digital initiatives. Remember, regional governments also know that the expectations of their citizens have, in a very real sense, undergone a digital transformation of their own.
Success Stories
If we cast our eyes around the region, we can see digital ID-centric transformation in action already. Some government organisations in the Middle East have introduced biometric facial recognition as part of digital identity phase-ins and are using the system for secure digital document storage. Also in current use are systems that allow single, mobile-based logins. In these countries, the government’s identity access management (IAM) system undergoes a sweeping overhaul that allows the unification of credentials data to provide secure digital identity.
In the Asian subcontinent, we find a government that directed its telecoms ministry to build a national information exchange layer using an API. Strict identity management was rolled out as part of this ambitious project. With digital identity in place, the government can enable slicker collaboration between its departments and enhanced efficiency in outputs. It can do all this while optimising data access and consumption, which empowers analysts to deliver more actionable insights to stakeholders across agencies and ministries.
In Africa, one country showed its peers how an integrated identity and access management solution can be used for risk-based authentication, single sign-on, multi factor authentication, and user self-service. The solution was designed to minimise the risk of identity theft, but it was also (through single sign-on) able to reduce complexity when onboarding and offboarding users.
Conflict Resolved
If digital solutions are the future of government, then digital identity is the future of public-sector cybersecurity and risk management. Governments in the region have been trying for years now to transform service delivery and engender citizen trust and engagement, but security has always been in conflict with agility. Having leveraged digital identity, authorities rid themselves of the downsides and reap rewards such as those described here. These regional successes underscore not only the profound impact digital transformation can have on society, but the indispensable role digital identity will play in delivering those efficiencies in a way that promotes trust.
News
The Malware That Must Not Be Named: Suspected Espionage Campaign Delivers “Voldemort”
In August 2024, Proofpoint researchers identified an unusual campaign using a novel attack chain to deliver custom malware. The threat actor named the malware “Voldemort” based on internal filenames and strings used in the malware.
The attack chain comprises multiple techniques currently popular within the threat landscape as well as uncommon methods for command and control (C2), like the use of Google Sheets. Its combination of tactics, techniques, and procedures (TTPs), lure themes impersonating government agencies of various countries, and odd file naming and passwords like “test” are notable. Researchers initially suspected the activity may be a red team. However, the large volume of messages and analysis of the malware very quickly indicated it was a threat actor.
Proofpoint assesses with moderate confidence this is likely an advanced persistent threat (APT) actor with the objective of intelligence gathering. However, Proofpoint does not have enough data to attribute with high confidence to a specific named threat actor (TA). Despite the widespread targeting and characteristics more typically aligned with cybercriminal activity, the nature of the activity and capabilities of the malware show more interest in espionage rather than financial gain at this time.
Voldemort is a custom backdoor written in C. It has capabilities for information gathering and to drop additional payloads. Proofpoint observed Cobalt Strike hosted on the actor’s infrastructure, and it is likely that is one of the payloads that would be delivered.
Beginning on 5 August 2024, the malicious activity included over 20,000 messages impacting over 70 organizations globally. The first wave of messages included a few hundred daily but then spiked on 17 August with nearly 6,000 total messages.
Messages purported to be from various tax authorities notifying recipients about changes to their tax filings. Throughout the campaign, the actor impersonated tax agencies in the U.S. (Internal Revenue Service), the UK (HM Revenue & Customs), France (Direction Générale des Finances Publiques), Germany (Bundeszentralamt für Steuern), Italy (Agenzia delle Entrate), and from August 19, also India (Income Tax Department), and Japan (National Tax Agency). Each lure was customized and written in the language of the authority being impersonated.
Proofpoint analysts correlated the language of the email with public information available on a select number of targets, finding that the threat actor targeted the intended victims with their country of residence rather than the country that the targeted organization operates in or country or language that could be extracted from the email address. For example, certain targets in a multi-national European organization received emails impersonating the IRS because their publicly available information linked them to the US. In some cases, it appears that the threat actor mixed up the country of residence for some victims when the target had the same (but uncommon) name as a more well-known person with a more public presence. Emails were sent from suspected compromised domains, with the actor including the agency’s real domain in the email address.
The threat actor targeted 18 different verticals, but nearly a quarter of the organizations targeted were insurance companies. Aerospace, transportation, and university entities made up the rest of the top 50% of organizations targeted by the threat actor.
Proofpoint does not attribute this activity to a tracked threat actor. Based on the functionality of the malware and collected data observed when examining the Sheet, information gathering was one objective of this campaign. While many of the campaign characteristics align with cybercriminal threat activity, we assess this is likely espionage activity conducted to support as yet unknown final objectives.
The Frankensteinian amalgamation of clever and sophisticated capabilities, paired with very basic techniques and functionality, makes it difficult to assess the level of the threat actor’s capability and determine with high confidence the ultimate goals of the campaign. It is possible that large numbers of emails could be used to obscure a smaller set of actual targets, but it’s equally possible the actors wanted to genuinely infect dozens of organizations. It is also possible that multiple threat actors with varying levels of experience in developing tooling and initial access worked on this activity. Overall, it stands out as an unusual campaign.
The behavior combines a variety of recently popular techniques observed in several disparate campaigns from multiple cybercriminal threat actors that have used similar techniques as part of ongoing experimentation across the initial access ecosystem. Many of the techniques used in the campaign are observed more frequently in the cybercriminal landscape, demonstrating that actors engaging in suspected espionage activity often use the same TTPs as financially motivated threat actors.
While the activity appears to align with espionage activity, it is possible that future activities associated with this threat cluster may change this assessment. In that case, it would indicate cybercriminal actors, while demonstrating some typical e-crime delivery characteristics, used customized malware with unusual features currently only available to the operators and not abused in widespread campaigns, as well as very specific targeting not normally seen in financially motivated campaigns.
Defense against observed behaviors includes restricting access to external file sharing services to only known, safelisted servers; blocking network connections to TryCloudflare if it is not required for business purposes; and monitoring and alerting on use of search-ms in scripts and suspicious follow-on activity such as LNK and PowerShell execution.
Proofpoint reached out to our industry colleagues about the activities in this report abusing their services, and their collaboration is appreciated.
Tech News
Designed to speed up the future of computing experiences
ASBIS introduces AMD EPYC demo marketing server, offering high performance, scalability, and efficiency for data center applications, cloud computing, virtualization, and enterprise tasks
Recently ASBIS has unveiled the demo marketing server stack, which features the latest AMD EPYC 9454P processors in the Middle East, bringing cutting-edge computing capabilities to the region. This server stack is tailored to meet the demands of enterprise IT environments, offering remarkable performance, storage capacity, and scalability for critical applications, databases, and virtualized workloads. Its high-density storage capabilities and scalable architecture make it a perfect fit for scale-out NAS deployments and AI-accelerated workloads.
Let’s delve deeper into the main components and benefits of the AMD EPYC demo marketing server
Main components:
1. AMD Genoa 9454P CPU: Each Supermicro node is powered by an AMD Genoa 9454P 48-core CPU, which provides exceptional processing power and efficiency for diverse workloads.
2. Supermicro Single Socket Nodes: Our server stack includes three Supermicro single socket nodes, offering a flexible and cost-effective solution for various deployment scenarios.
3. 512 GB DDR5 Memory: With 512 GB of DDR5 memory per node, our server stack ensures ample memory capacity to support demanding applications and workloads, enabling seamless multitasking and data processing.
4. 6 TB NVMe Storage per Node: Each node is equipped with 6 TB of NVMe storage, harnessing the speed and performance of NVMe technology to provide high-throughput storage solutions for rapid data access and processing.
Key benefits:
Performance Optimization. The AMD Genoa 9454P CPUs utilize AMD Infinity Architecture to seamlessly connect CPU cores, memory, and I/O resources. This enhances overall system performance, scalability, and efficiency, optimizing resource utilization for diverse workloads.
Data Protection. The server stack is equipped with InfiniGuard integration, which utilizes advanced data protection and recovery capabilities to enhance data integrity and availability. InfiniGuard strengthens backup and disaster recovery processes, providing additional safeguarding for critical data assets against loss or corruption.
Enhanced Efficiency. The server stack offers support for hyperconverged, virtualized, and software-defined storage solutions, delivering the flexibility and scalability needed to adapt to changing IT needs. Whether it’s for deploying enterprise IT infrastructure, scale-out NAS environments, or AI-accelerated workloads, our server stack ensures top-notch performance and efficiency.
The AMD demo marketing server stack is a groundbreaking technology that is certain to have a positive impact on your business. Prepare to enhance your enterprise IT infrastructure with this powerful and versatile solution!
Tech News
How Connected Data Ecosystems Are Unlocking New Business Growth
Cloud data ecosystems are the way forward for both industrial enterprises and the technology providers that support them, says Rónán de Hooge, Executive Vice President, Cloud Platform Business, AVEVA. An industrial environment where machines anticipate their own maintenance needs, supply chains innovate in response to real-time demand and resource shifts, and industries operate with unparalleled efficiency and minimal waste—all orchestrated by human experts?
That vision is fast becoming a reality as industries organize in response to the evolving business landscape. Disrupted supply chains, resource scarcity, changing customer needs and increasing regulation are all now commonplace in our integrated, digital-first economy. Success in this challenging environment depends on collaboration. When suppliers, distributors and other chain partners share business information, insights and best practices, they can create combined value that exceeds what each can achieve individually.
Businesses aren’t just connected to each other—they’re interdependent. In industry and elsewhere, the future of business increasingly relies on a connected data ecosystem. Data ecosystems represent the next wave of digital transformation. They leverage a trusted network of technologies to connect people with data from industrial operators and their partners.
With industrial data ecosystems, companies gain access to new capabilities or expertise they may not have in-house. More importantly, a unified view across the value chain, enables companies to discover crucial new insights and leverage broader expertise that enhance their abilities amid a changing business environment. When this industrial intelligence is unified and shared in the cloud, every value chain participant – including partners, regulators and customers – can visualize routes to better efficiency, productivity and sustainability.
Data is the bedrock of growth for the industrial enterprise
Businesses everywhere are now using connected data ecosystems with customers, suppliers, partners and operators. Such integrated networks may even straddle two or more formerly separate sectors. In all cases, they carry value for each player within the ecosystem, including for technology developers.
At the core of this collaboration is data. Industrial organizations now collect data in greater quantities and from a wider variety of sources than ever before. Too often, however, this strategic asset remains siloed at the point of collection because of technology, security and governance barriers, rendering it inaccessible to even internal departments.
Sharing data across an organization—as well as with external partners—gives every player within the ecosystem a contextual understanding of how to optimize their role in the value chain. Industrial organizations are therefore catalyzing digital transformation to create seamless collaboration across the lifecycle and unlock greater value and sustainability gains for all stakeholders.
Around the world, many players are already leveraging these platform services to drive positive outcomes on several fronts:
- Drive efficiency through collaboration: Sharing data from a single source of truth empowers experts—regardless of location or technical background—to make better decisions faster.
- Achieve environmental, social and governance (ESG) targets: Viewing unified value chain data in context helps surface the interdependent areas where sustainability action can have the greatest impact, such as greater circularity, improved efficiency, reduced emissions and better regulatory compliance.
- Enhance individual and joint innovation: The competitive advantages gained from secure data-sharing communities strengthen trusted supplier and partner relationships. By adding context to real-time data, companies can expedite R&D, innovate together and mutually enhance competitive advantages.
- Improve decision-making: Seamlessly connecting diverse data sources and extensible applications within an ecosystem gives businesses richer and more complete insights that can reduce operational costs and improve revenue outcomes.
- Transform business for faster revenue: An industrial data ecosystem delivers value within hours instead of days or weeks. Accordingly, companies can achieve faster adoption, expand their market reach, and leverage economies of scale—all while reducing costs through lower software investments upfront and lower ongoing IT and maintenance expenses.
How ecosystem building works for technology companies
As industries begin strategizing for the outcomes enumerated above, data ecosystems are helping them meet their needs. This kind of ecosystem thinking also supports innovation for technology providers and developer partners.
Such digital platforms bring together a multitude of complementary solutions and applications that can be tailored to specific business needs. At their core, such an industry data community is a network of interconnected software applications, services, and platforms that integrate seamlessly to enhance process efficiencies while uncovering new value for end customers.
With an open and neutral platform, partners can expedite the development of emerging technologies and services, driving agility and value for customers. The ability to securely share specific data streams within a standardized format and with granular control supports the development of new applications and value-added services – without compromising intellectual property.
This adaptability is a game-changer at a time of increasing cross-domain innovation, when developments in one field, such as artificial intelligence, can support progress in another area. Connected data ecosystems provide the advantages developers need in an ever-evolving industrial landscape.
Industry appetite and the flywheel effect
Different industrial sectors have either already added to, or are accelerating, their investment in connected data ecosystems. The vast majority (90%) of respondents in IDC’s 2023 Future of Industry Ecosystems global survey said they plan to maintain or accelerate their investment into such data ecosystems this year and next. Principal motivations included increasing business agility, better process automation, improved systems integration, and increased data-sharing with partners, including for ESG reasons.
The survey interviewed 1,288 C-suite and business line executives decisionmakers across energy, construction, process manufacturing, government and other industries around the world. Overall, the appeal of the connected data ecosystem could lie in its ability to accelerate the flywheel effect, a concept familiar to engineers.
With the flywheel effect, small wins accumulate over time to create a momentum that keeps the business growing. Likewise, within the kind of integrated data community described here, every player can expect to be able to recalibrate for resilience in real-time, driving incremental gains for all stakeholders on a continuous basis.
Whether for industrial enterprises, technology companies or developers, the whole truly then becomes worth more than the sum of its parts. The value of connected data ecosystems—and the potential exponential growth they promise—will be the foundation of our sustainable future.
-
Tech News2 months ago
Denodo Bolsters Executive Team by Hiring Christophe Culine as its Chief Revenue Officer
-
Tech Interviews6 months ago
Navigating the Cybersecurity Landscape in Hybrid Work Environments
-
Features4 months ago
Security in the Cloud Age: Combating Risks with Hybrid Cloud Solutions
-
Tech News6 months ago
Brighton College Abu Dhabi and Brighton College Al Ain Donate 954 IT Devices in Support of ‘Donate Your Own Device’ Campaign
-
Tech Features3 months ago
The Middle East to Lead with Next-generation Mission Critical Communication Advancement
-
Automotive7 months ago
Al-Futtaim Automotive Builds On 23-Year Legacy of Trust & Leadership in UAE’s Pre-Owned Car Market to Sell Over 25,000 Used Vehicles in 2023
-
Tech News9 months ago
Senet enters MENA’s Competitive Gaming Scene with ‘skill-to-earn’ Platform
-
Tech Features8 months ago
How Telecommunications Providers Can Best Tackle DDoS Attacks