Kaspersky researchers presented their vision of the future for advanced persistent threats (APTs), outlining how the threat landscape will change in 2022. Politicization playing an increasing role in cyberspace, the return of low-level attacks, an inflow of new APT actors and a growth of supply chain attacks are some of the predictions outlined by the researchers.
The changes in the world in 2021 have a direct effect on the development of sophisticated attacks in the coming year. Building on trends that the Kaspersky Global Research and Analysis Team (GReAT) observed throughout 2021, the researchers have prepared a forecast to help the IT community prepare for the challenges ahead.
Private sector supporting an influx of new APT players
This year, the use of surveillance software developed by private vendors has come under the spotlight with Project Pegasus having reversed the perception of the likelihood of real-world zero-day attacks on iOS. We have also seen developers of advanced surveillance tools increasing their detection evasion and anti-analysis capabilities – as in the case of FinSpy – and using them the wild – as was the case with the Slingshot framework.
The potential of commercial surveillance software – its access to large amounts of personal data and wider targets – makes it a lucrative business for those who supply it and an effective tool in the hands of threat actors. Therefore, Kaspersky experts believe that vendors of such software will diligently expand in cyberspace and provide their services to new advanced threat actors, until governments begin to regulate its use.
Other targeted threat predictions for 2022 include:
- Mobile devices exposed to wide, sophisticated attacks. Mobile devices have always been an easy target for attackers, each potential target acting as a storage for a huge amount of valuable information and is always with the target. There is more zero-day-attacks in 2021 on iOS than ever before. PC or Mac users have the option for security packages with it being simply non-existent for iOS, creating more opportunity for attackers.
- More supply-chain attacks. Attacks like these are particularly lucrative and valuable to attackers because they give access to a large number of potential targets. For this reason, Kaspersky researcher say supply chain attacks are expected to be on an upward trend into 2022.
- Continued exploitation of Work From Home. Cybercriminals will continue to use unprotected or unpatched employees’ home computers as a way to penetrate corporate networks. Social engineering to steal credentials and brute-force attacks on corporate services to gain access to weakly protected servers will continue.
- Increase in advanced persistent threats (APT) intrusions in the META region, especially in Africa. Geopolitical tensions in the region are increasing, which means cyber espionage is on the rise. Moreover, new defenses in the region are constantly improving and becoming more sophisticated. Taken together, these trends suggest that the main APT attacks in the META region will target Africa.
- Explosion of attacks against cloud security and outsourced services. Numerous businesses are incorporating cloud computing and software architectures based on microservices and running on third-party infrastructure, which is more susceptible to hacks. This makes more and more companies prime targets for sophisticated attacks in the coming year.
- The return of low-level attacks: bootkits are “hot” again. Owing to the increasing popularity of Secure Boot among desktop users, cybercriminals are forced to look for exploits or new vulnerabilities in this security mechanism to bypass its security system. Thus, growth in the number of bootkits is expected in 2022.
- States clarify their acceptable cyber-offense practices. There is a growing tendency for governments both to denounce cyber-attacks against them and at the same time conduct their own. Next year some countries will publish their taxonomy of cyber-offenses, distinguishing acceptable types of attack vectors.
There are dozens of events happening every day that are changing the world of cyberspace.
These changes are quite difficult to track, and even more difficult to foresee. Nevertheless, for several years now, based on the knowledge of our experts, we have been able to predict many future trends in the world of cybersecurity.
We believe it is crucial to continue to track APT-related activities, evaluate the impact these targeted campaigns have and share the insights we learn with the wider community.
By sharing these predictions, we hope to help users to be better prepared for what the future holds for them in cyberspace
Ivan Kwiatkowski, senior security researcher at Kaspersky
The APT predictions have been developed thanks to Kaspersky’s threat intelligence services used around the world. Read the full report on Securelist.
