- June 29, 2022
Advanced threat predictions for 2022
The Kaspersky Lab Global Research and Analysis Team has developed key predictions for where advanced persistent threats (APTs) are likely to strike next year.
Private sector supporting an influx of new APT players
This year, the use of surveillance software developed by private vendors has come under the spotlight. Given how potentially profitable this business is, and the impact the software can have on those targeted, vendors of such software will play a greater role, at least until governments seek to regulate its use.
Meanwhile, malware vendors and the offensive security industry will aim to support both established and new players in their operations.
Mobile devices exposed to wide attacks
From the point of view of the attackers, mobile devices are ideal targets: they travel almost everywhere with their owners, contain details about their private lives, and infections are very difficult to prevent or detect. Unlike PCs or Macs, where the user has the choice of installing a security suite, such products are either crippled or non-existent on iOS. This creates an extraordinary opportunity for APTs, one that no state-sponsored adversary will want to miss. In 2022, we will see more sophisticated attacks against mobile devices getting exposed and closed, accompanied by the inevitable denial from the perpetrators.
More supply chain attacks
We’ve seen some notable supply chain attacks this year, and have also seen cybercriminals take advantage of weaknesses in the security of suppliers in order to compromise customers of the compromised company. Such attacks represent a violation of trust somewhere in the supply chain, and they are particularly valuable for attackers because they provide a stepping-stone into many other targets in one fell swoop. For this reason, supply chain attacks will be a growing trend into 2022 and beyond.
Continued exploitation of work from home (WFH)
WFH will continue to provide opportunities for attackers to compromise corporate networks. This includes the use of social engineering to obtain credentials and brute-force attacks on corporate services, in the hope of finding poorly protected servers. In addition, as many people continue to use their own equipment, rather than devices locked down by corporate IT teams, attackers will look for new opportunities to exploit home computers that are unprotected or unpatched, as an entry vector to corporate networks.
Increase in APT intrusions in the META region, especially Africa
The main driver of this will be increasing geo-political tension across the board, which in turn drives an increase in espionage-based cyber-offensive activity. Geo-politics has historically been the primary contributing factor, alongside economics, technology and foreign affairs, behind cyber-intrusions whose objective is to steal sensitive data for national security purposes.
Africa has become the fastest urbanizing region and attracts millions of dollars in investments. At the same time, many countries on the continent are in a strategic position when it comes to maritime trade. This, together with the continuous improvement of defensive capabilities in the region, leads us to believe that 2022 will feature major APT attacks in the META region, especially Africa.
Explosion of attacks against cloud security and outsourced services
More and more companies are incorporating cloud computing in their business models due to the convenience and scalability it offers. The DevOps movement has led many companies to adopt software architectures based on microservices running on third-party infrastructure, infrastructure that’s usually only one password or API key away from being taken over.
This recent paradigm has security implications that developers may not fully comprehend, gives defenders little visibility, and is territory that APTs haven’t really investigated thus far. The latter will be the first to catch up.
In a broader sense, this prediction concerns outsourced services such as online document editing, file storage, email hosting, etc. Third-party cloud providers now concentrate enough data to attract the attention of state actors and will emerge as primary targets in sophisticated attacks.
The return of low-level attacks: bootkits are ‘hot’ again
Low-level implants are often shunned by attackers due to their inherent risk of causing system failures and the sophistication required to create them. Reports published by Kaspersky throughout 2021 indicate that offensive research on bootkits is alive and well: either the stealth gains now outweigh the risks, or low-level development has become more accessible. The Kaspersky Lab Global Research and Analysis Team expects to discover more advanced implants of this kind in 2022. In addition, as Secure Boot becomes more prevalent, attackers will need to find exploits or vulnerabilities in this security mechanism to bypass it and keep deploying their tools.
States clarify their acceptable cyber-offense practices
In the last decade, the whole industry observed a trend where cyberspace is becoming more and more politicized, especially when it comes to cyberwarfare. Last year, we predicted that legal indictments would become an integral part of Western states’ arsenals to impose cost on adversary operations.
An issue, however, is that states denouncing cyberattacks against them are at the same time known for conducting their own. For their protests to gain weight, they will need to create a distinction between the cyberattacks that are acceptable and those that are not. In 2022, some countries will publish their taxonomy of cyber-offense, precisely detailing which types of attack vector (for example, supply chain) and behaviour (for example, destructive, affecting civilian infrastructure, etc.) are off-limits.
Source: Kaspersky