Advanced Persistent Threats in 2022: what to look out for next year
November 2021 by Kaspersky
Kaspersky researchers presented their vision of the future for advanced persistent threats (APTs), outlining how the threat landscape will change in 2022. Politicisation playing an increasing role in cyberspace, the return of low-level attacks, an inflow of new APT actors and a growth of supply chain attacks are some of the predictions outlined by the researchers.
The changes in the world in 2021 have a direct effect on the development of sophisticated attacks in the coming year. Building on trends that the Kaspersky Global Research and Analysis Team (GReAT) observed throughout 2021, the researchers have prepared a forecast to help the IT community prepare for the challenges ahead.
Private sector supporting an influx of new APT players
This year, the use of surveillance software developed by private vendors has come under the spotlight with Project Pegasus having reversed the perception of the likelihood of real-world zero-day attacks on iOS. We have also seen developers of advanced surveillance tools increasing their detection evasion and anti-analysis capabilities – as in the case of FinSpy – and using them the wild – as was the case with the Slingshot framework.
The potential of commercial surveillance software – its access to large amounts of personal data and wider targets - makes it a lucrative business for those who supply it and an effective tool in the hands of threat actors. Therefore, Kaspersky experts believe that vendors of such software will diligently expand in cyberspace and provide their services to new advanced threat actors, until governments begin to regulate its use.
Other targeted threat predictions for 2022 include:
• Mobile devices exposed to wide, sophisticated attacks. Mobile devices have always been a tidbit for attackers, with smartphones travelling along with their owners everywhere, and each potential target acting as a storage for a huge amount of valuable information. In 2021 we have seen more in-the-wild zero-day attacks on iOS than ever before. Unlike on a PC or Mac, where the user has the option of installing a security package, on iOS such products are either curtailed or simply non-existent. This creates extraordinary opportunities for APTs.
• More supply-chain attacks. Kaspersky researchers paid particular attention to the frequency of cases in which cybercriminals exploited weaknesses in vendor security to compromise the company’s customers. Such attacks are particularly lucrative and valuable to attackers because they give access to a large number of potential targets. For this reason, supply chain attacks are expected to be on an upward trend into 2022.
• Continued exploitation of WFH. With remote work, cybercriminals will continue to use unprotected or unpatched employees’ home computers as a way to penetrate corporate networks. Social engineering to steal credentials and brute-force attacks on corporate services to gain access to weakly protected servers will continue.
• Increase in APT intrusions in the META region, especially in Africa. Geopolitical tensions in the region are increasing, which means cyber espionage is on the rise. Moreover, new defenses in the region are constantly improving and becoming more sophisticated. Taken together, these trends suggest that the main APT attacks in the META region will target Africa.
• Explosion of attacks against cloud security and outsourced services. Numerous businesses are incorporating cloud computing and software architectures based on microservices and running on third-party infrastructure, which is more susceptible to hacks. This makes more and more companies prime targets for sophisticated attacks in the coming year.
• The return of low-level attacks: bootkits are “hot” again. Owing to the increasing popularity of Secure Boot among desktop users, cybercriminals are forced to look for exploits or new vulnerabilities in this security mechanism to bypass its security system. Thus, growth in the number of bootkits is expected in 2022.
• States clarify their acceptable cyber-offense practices. There is a growing tendency for governments both to denounce cyber-attacks against them and at the same time conduct their own. Next year some countries will publish their taxonomy of cyber-offenses, distinguishing acceptable types of attack vectors.
“There are dozens of events happening every day that are changing the world of cyberspace. These changes are quite difficult to track, and even more difficult to foresee. Nevertheless, for several years now, based on the knowledge of our experts, we have been able to predict many future trends in the world of cybersecurity. We believe it is crucial to continue to track APT-related activities, evaluate the impact these targeted campaigns have and share the insights we learn with the wider community. By sharing these predictions, we hope to help users to be better prepared for what the future holds for them in cyberspace,” says Ivan Kwiatkowski, senior security researcher at Kaspersky.
The APT predictions have been developed thanks to Kaspersky’s threat intelligence services used around the world. On November 17 at 3 PM CET, Kaspersky’s GReAT researchers will discuss their predictions for upcoming changes in the world of major threat actors in 2022 and take a look back at 2021. Register for the webinar here: https://kas.pr/91bh
These predictions are a part of Kaspersky Security Bulletin (KSB) – an annual predictions series and analytical articles on key changes in the world of cybersecurity.