The Kaspersky Lab Global Research and Analysis Team has developed key predictions for where advanced persistent threats (APTs) are likely to strike next year.
Private sector supporting an influx of new APT players
This year, the use of surveillance software developed by private vendors has come under the spotlight. Given how potentially profitable this business is, and the impact the software can have on those targeted, vendors of such software will play a greater role, at least until governments seek to regulate its use.
Meanwhile, malware vendors and the offensive security industry will aim to support old but also new players in their operations.
Mobile devices exposed to wide attacks
From the point of view of the attackers, mobile devices are ideal targets – they travel almost everywhere with their owners, contain details about their private lives, and infections are very difficult to prevent or detect. Unlike PCs or Macs, where the user has the choice of installing a security suite, such products are either crippled or non-existent on iOS. This creates an extraordinary opportunity for APTs, one that no state-sponsored adversary will want to miss. In 2022, we will see more sophisticated attacks against mobile devices getting exposed and closed, accompanied by the inevitable denial from the perpetrators.
More supply chain attacks
We’ve seen some notable supply chain attacks this year, and have also seen cybercriminals take advantage of weaknesses in the security of suppliers in order to compromise those suppliers’ customers. Such attacks represent a violation of trust somewhere in the supply chain, and they are particularly valuable for attackers because they provide a stepping-stone into many other targets in one fell swoop. For this reason, supply chain attacks will be a growing trend into 2022 and beyond.
Continued exploitation of work from home (WFH)
WFH will continue to provide opportunities for attackers to compromise corporate networks. This includes the use of social engineering to obtain credentials and brute-force attacks on corporate services, in the hope of finding poorly protected servers. In addition, as many people continue to use their own equipment, rather than devices locked down by corporate IT teams, attackers will look for new opportunities to exploit home computers that are unprotected or unpatched, as an entry vector to corporate networks.
Increase in APT intrusions in the META region, especially Africa
The main driver of this will be increasing geo-political tension across the board, which is fuelling an increase in espionage-based cyber-offensive activities. Geo-politics has historically been the primary contributing factor, among others such as economics, technology and foreign affairs, behind cyber-intrusions whose objective is to steal sensitive data for national security purposes.
Africa has become the fastest urbanizing region and attracts millions of dollars in investments. At the same time, many countries on the continent are in a strategic position when it comes to maritime trade. This and the continuous improvement of defensive capabilities in this region lead us to believe that 2022 will feature major APT attacks in the META region, especially Africa.
Explosion of attacks against cloud security and outsourced services
More and more companies are incorporating cloud computing in their business models due to the convenience and scalability they offer. The devops movement has led many companies to adopt software architectures based on microservices and running on third-party infrastructure – infrastructure that’s usually only one password or API key away from being taken over.
This recent paradigm has security implications that developers may not fully comprehend, that defenders have little visibility into, and that APTs haven’t really investigated thus far. The latter will be the first to catch up.
In a broader sense, this prediction concerns outsourced services such as online document editing, file storage, email hosting, etc. Third-party cloud providers now concentrate enough data to attract the attention of state actors and will emerge as primary targets in sophisticated attacks.
The return of low-level attacks: bootkits are ‘hot’ again
Low-level implants are often shunned by attackers due to their inherent risk of causing system failures and the sophistication required to create them. Reports published by Kaspersky throughout 2021 indicate that offensive research on bootkits is alive and well: either the stealth gains now outweigh the risks, or low-level development has become more accessible. The Kaspersky Lab Global Research and Analysis Team expects to discover more advanced implants of this kind in 2022. In addition, as Secure Boot becomes more prevalent, attackers will need to find exploits or vulnerabilities in this security mechanism to bypass it and keep deploying their tools.
States clarify their acceptable cyber-offense practices
In the last decade, the whole industry has observed cyberspace becoming more and more politicized, especially when it comes to cyberwarfare. Last year, we predicted that legal indictments would become an integral part of Western states’ arsenals to impose cost on adversary operations.
An issue, however, is that states denouncing cyberattacks against them are at the same time known for conducting their own. For their protests to gain weight, they will need to create a distinction between the cyberattacks that are acceptable and those that are not. In 2022, some countries will publish their taxonomy of cyber-offense, precisely detailing which types of attack vector (for example, supply chain) and behaviour (for example, destructive, affecting civilian infrastructure, etc.) are off-limits.