Kaspersky researchers have presented their predictions for Advanced Persistent Threats (APTs) in the coming year, 2022. According to these, the politicization of cyberspace will play an increasing role. They expect a return of low-level attacks, new APT actors and an increase in supply chain attacks.
The global changes in 2021 will have a direct impact on the development of advanced attacks in the coming year. Building on the trends the Kaspersky Global Research and Analysis Team (GReAT) observed in 2021, the researchers have produced a forecast designed to help the IT community prepare for future challenges.
Private sector supports influx of new APT actors
This year, the use of surveillance software developed by private vendors has come under the spotlight. Project Pegasus has changed perceptions of how likely zero-day attacks on iOS are in the real world. In addition, developers of advanced monitoring tools have improved their ability to evade detection and hinder analysis (for example, FinSpy) and have tested their use in the wild (for example, the Slingshot framework).
Commercial surveillance software is a lucrative business for vendors and an effective tool in the hands of attackers because it gives access to large amounts of personal data and a broader range of targets. Kaspersky experts therefore assume that providers of such software will expand in cyberspace and make their services available to new advanced threat actors until governments begin to regulate their use.
Further predictions for the year 2022
- More supply chain attacks. In particular, the Kaspersky researchers observed how frequently cyber criminals exploited weaknesses in a vendor's security to compromise that company's customers. Such attacks are particularly lucrative and valuable for attackers because they provide access to a large number of potential targets. Because of this, supply chain attacks are expected to see an upward trend through 2022.
- Return of low-level attacks: The use of bootkits is increasing again. Due to the increasing popularity of Secure Boot among desktop users, cyber criminals are forced to look for exploits or new vulnerabilities in this security mechanism in order to bypass it. Therefore, an increase in the number of bootkits is expected in 2022.
- Mobile devices, especially those running iOS, are in danger: Smartphones have always been a sought-after target for attackers, as they accompany their owners everywhere and store a large amount of valuable information. In 2021, there were more zero-day attacks on iOS than ever before. Unlike on a PC or Mac, where the user has the option of installing a security package, such products are either limited or simply not available on iOS. This creates extraordinary opportunities for APTs.
- Working from home remains a popular attack vector. Cyber criminals will continue to use unprotected or unpatched employee home computers to break into company networks. Social engineering to steal credentials and brute-force attacks on corporate services to gain access to weakly protected servers will continue to take place.
- More APT attacks in the META region, especially in Africa. The geopolitical tensions there are likely to result in an increase in cyber espionage. In addition, the new defense systems in the region are getting better and more sophisticated. Taken together, these trends suggest that the major APT attacks will occur in the META region, especially in Africa.
- Increased attacks on the cloud and outsourced services. Many companies rely on cloud computing and software architectures that are based on microservices and run on third-party infrastructure, which are more prone to hacks. This makes more and more companies preferred targets for sophisticated attacks in the coming year.
- States clarify which attack vectors are acceptable to them. There is a growing trend for governments to denounce cyberattacks against them while launching cyberattacks of their own. Next year, some countries will publish their cybercrime classification, including the types of attack vectors that are acceptable to them.
“Every day there are dozens of events that change the world of cyberspace. These changes are hard to track and even harder to predict,” said Ivan Kwiatkowski, Senior Security Researcher at Kaspersky. “Nevertheless, for several years we have been able to predict many future trends in the world of cybersecurity based on the knowledge of our experts. We believe it is important to continue to follow APT activities, assess the impact of these targeted campaigns and share the lessons learned with the general public. We hope that with these predictions we can help users be better prepared for the future in cyberspace.”
The APT predictions were developed with the help of Kaspersky Threat Intelligence Services, which are used around the world.
About Kaspersky
Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/