Kaspersky has presented a new report that forecasts persistent cyber threats and how the threat landscape will change in 2022. The company predicts that politicization will play a more significant role in cyberspace, that low-level attacks will make a comeback, and that there will be an inflow of new APT actors and a growth in supply chain attacks.

Kaspersky's Global Research and Analysis Team (GReAT) observed the trends throughout 2021 and based its predictions on those changes to help the IT community prepare for the challenges ahead.

Kaspersky noted that the use of surveillance software developed by private vendors has come under the spotlight, with Project Pegasus having reversed the perception of how likely real-world zero-day attacks on iOS are. The company has also seen developers of advanced surveillance tools increasing their detection evasion and anti-analysis capabilities (e.g., FinSpy) and using them in the wild, as in the case of the Slingshot framework.

Kaspersky experts expected that the vendors of commercial surveillance software would expand in cyberspace and provide their services to new advanced threat actors until governments begin to regulate its use.

Besides this, other targeted threat predictions for 2022 include:

  • Mobile devices exposed to broad, sophisticated attacks. Mobile devices have always been an attractive target for attackers, since smartphones travel everywhere with their owners and each potential target stores a vast amount of valuable information. However, 2021 saw more in-the-wild zero-day attacks on iOS than ever before. Unlike on a PC or Mac, where the user can install a security package, on iOS such products are either curtailed or simply non-existent. This creates extraordinary opportunities for APTs.
  • More supply-chain attacks. Kaspersky researchers paid particular attention to the frequency of cases in which cybercriminals exploited weaknesses in vendor security to compromise the company’s customers. Such attacks are particularly lucrative and valuable to attackers because they give access to many potential targets. For this reason, supply chain attacks are expected to be on an upward trend into 2022.
  • Continued exploitation of WFH. With remote work, cybercriminals will continue to use employees' unprotected or unpatched home computers as a way to penetrate corporate networks. In addition, social engineering to steal credentials and brute-force attacks on corporate services to gain access to weakly protected servers will continue.
  • Increase in APT intrusions in the META region, especially in Africa. Geopolitical tensions in the region are increasing, which means cyber espionage is on the rise. Moreover, new defenses in the region are constantly improving and becoming more sophisticated. Taken together, these trends suggest that the main APT attacks in the META region will target Africa.
  • Explosion of attacks against cloud security and outsourced services. Numerous businesses incorporate cloud computing and software architectures that are based on microservices and run on third-party infrastructure, which is more susceptible to hacks. This makes more and more companies prime targets for sophisticated attacks in the coming year.
  • The return of low-level attacks: bootkits are “hot” again. Due to Secure Boot’s increasing popularity among desktop users, cybercriminals are forced to look for exploits or new vulnerabilities in this security mechanism to bypass its security system. Thus, growth in the number of bootkits is expected in 2022.
  • States clarify their acceptable cyber-offense practices. There is a growing tendency for governments both to denounce cyber-attacks against them and at the same time conduct their own. Next year some countries will publish their taxonomy of cyber-offenses, distinguishing acceptable types of attack vectors.

To read the full report on the advanced persistent cyber threat in 2022, visit the Securelist website. Readers interested in Kaspersky's previous prediction in 2020 can check it out here.
