Kaspersky predicts advanced persistent threats in 2022

Kaspersky researchers presented their vision of the future for advanced persistent threats (APTs), outlining how the threat landscape will change in 2022.

Building on trends that the Kaspersky Global Research and Analysis Team (GReAT) observed throughout 2021, the researchers have prepared a forecast to help the IT community prepare for the challenges ahead.

The APT predictions have been developed by Kaspersky’s threat intelligence services used around the world and are a part of Kaspersky Security Bulletin (KSB) – an annual predictions series and analytical articles on key changes in the world of cybersecurity.

Some of the threat predictions outlined by the researchers for 2022 include:

Private sector supporting an influx of new APT players
The use of surveillance software developed by private vendors has come under the spotlight with Project Pegasus having reversed the perception of the likelihood of real-world zero-day attacks on iOS. Developers of advanced surveillance tools have been seen increasing their detection evasion and anti-analysis capabilities – as in the case of FinSpy – and using them the wild – as was the case with the Slingshot framework.

The potential of commercial surveillance software – its access to large amounts of personal data and wider targets – makes it a lucrative business for those who supply it and an effective tool in the hands of threat actors. Therefore, Kaspersky experts believe that vendors of such software will diligently expand in cyberspace and provide their services to new advanced threat actors, until governments begin to regulate its use.

Mobile devices exposed to wide, sophisticated attacks
Mobile devices have always been a tidbit for attackers, with smartphones travelling along with their owners everywhere, and each potential target acting as a storage for a huge amount of valuable information. In 2021 we have seen more in-the-wild zero-day attacks on iOS than ever before. Unlike on a PC or Mac, where the user has the option of installing a security package, on iOS such products are either curtailed or simply non-existent. This creates extraordinary opportunities for APTs.

More supply-chain attacks
Kaspersky researchers paid particular attention to the frequency of cases in which cybercriminals exploited weaknesses in vendor security to compromise the company’s customers. Such attacks are particularly lucrative and valuable to attackers because they give access to a large number of potential targets. For this reason, supply chain attacks are expected to be on an upward trend into 2022.

Continued exploitation of WFH
With remote work, cybercriminals will continue to use unprotected or unpatched employees’ home computers as a way to penetrate corporate networks. Social engineering to steal credentials and brute-force attacks on corporate services to gain access to weakly protected servers will continue.

Explosion of attacks against cloud security and outsourced services
Numerous businesses are incorporating cloud computing and software architectures based on micro services and running on third-party infrastructure, which is more susceptible to hacks. This makes more and more companies prime targets for sophisticated attacks in the coming year.

Return of low-level attacks: Back to bootkits
Owing to the increasing popularity of secure boot among desktop users, cybercriminals are forced to look for exploits or new vulnerabilities in this security mechanism to bypass its security system. Thus, growth in the number of bootkits is expected in 2022.

States clarify their acceptable cyber-offense practices
There is a growing tendency for governments to denounce cyber-attacks against them and conduct their won at the same time. Next year some countries will publish their taxonomy of cyber-offenses, distinguishing acceptable types of attack vectors.

Ivan Kwiatkowski, senior security researcher at Kaspersky.

Ivan Kwiatkowski, senior security researcher at Kaspersky said dozens of events are happening daily that are changing the world of cyberspace.

“These changes are quite difficult to track and even more difficult to foresee. Nevertheless, for several years now, based on the knowledge of our experts, we have been able to predict many future trends in the world of cybersecurity. We believe it is crucial to continue to track APT-related activities, evaluate the impact these targeted campaigns have and share the insights we learn with the wider community. By sharing these predictions, we hope to help users to be better prepared for what the future holds for them in cyberspace,” he said.