Advanced Persistent Threats in 2022: what to look out for next year (2024)

Kaspersky researchers presented their vision of the future for advanced persistent threats (APTs), outlining how the threat landscape will change in 2022. Politicization playing an increasing role in cyberspace, the return of low-level attacks, an inflow of new APT actors and a growth of supply chain attacks are some of the predictions outlined by the researchers.

The changes in the world in 2021 have a direct effect on the development of sophisticated attacks in the coming year. Building on trends that the Kaspersky Global Research and Analysis Team (GReAT) observed throughout 2021, the researchers have prepared a forecast to help the IT community prepare for the challenges ahead.

Private sector supporting an influx of new APT players

This year, the use of surveillance software developed by private vendors has come under the spotlight with Project Pegasus having reversed the perception of the likelihood of real-world zero-day attacks on iOS. We have also seen developers of advanced surveillance tools increasing their detection evasion and anti-analysis capabilities – as in the case of FinSpy – and using them in the wild – as was the case with the Slingshot framework.

The potential of commercial surveillance software – its access to large amounts of personal data and wider targets – makes it a lucrative business for those who supply it and an effective tool in the hands of threat actors. Therefore, Kaspersky experts believe that vendors of such software will diligently expand in cyberspace and provide their services to new advanced threat actors, until governments begin to regulate its use.

Other targeted threat predictions for 2022 include:

Mobile devices exposed to wide, sophisticated attacks. Mobile devices have always been a tidbit for attackers, with smartphones travelling along with their owners everywhere, and each potential target acting as a storage for a huge amount of valuable information. In 2021 we have seen more in-the-wild zero-day attacks on iOS than ever before. Unlike on a PC or Mac, where the user has the option of installing a security package, on iOS such products are either curtailed or simply non-existent. This creates extraordinary opportunities for APTs.

More supply-chain attacks. Kaspersky researchers paid particular attention to the frequency of cases in which cybercriminals exploited weaknesses in vendor security to compromise the company's customers. Such attacks are particularly lucrative and valuable to attackers because they give access to a large number of potential targets. For this reason, supply chain attacks are expected to be on an upward trend into 2022.

Continued exploitation of WFH. With remote work, cybercriminals will continue to use unprotected or unpatched employees' home computers as a way to penetrate corporate networks. Social engineering to steal credentials and brute-force attacks on corporate services to gain access to weakly protected servers will continue.

Increase in APT intrusions in the META region, especially in Africa. Geopolitical tensions in the region are increasing, which means cyber espionage is on the rise. Moreover, new defenses in the region are constantly improving and becoming more sophisticated. Taken together, these trends suggest that the main APT attacks in the META region will target Africa.

Explosion of attacks against cloud security and outsourced services. Numerous businesses are incorporating cloud computing and software architectures based on microservices and running on third-party infrastructure, which is more susceptible to hacks. This makes more and more companies prime targets for sophisticated attacks in the coming year.

The return of low-level attacks: bootkits are “hot” again. Owing to the increasing popularity of Secure Boot among desktop users, cybercriminals are forced to look for exploits or new vulnerabilities in this security mechanism to bypass its security system. Thus, growth in the number of bootkits is expected in 2022.

States clarify their acceptable cyber-offense practices. There is a growing tendency for governments both to denounce cyber-attacks against them and at the same time conduct their own. Next year some countries will publish their taxonomy of cyber-offenses, distinguishing acceptable types of attack vectors.

“There are dozens of events happening every day that are changing the world of cyberspace. These changes are quite difficult to track, and even more difficult to foresee. Nevertheless, for several years now, based on the knowledge of our experts, we have been able to predict many future trends in the world of cybersecurity. We believe it is crucial to continue to track APT-related activities, evaluate the impact these targeted campaigns have and share the insights we learn with the wider community. By sharing these predictions, we hope to help users to be better prepared for what the future holds for them in cyberspace,” says Ivan Kwiatkowski, senior security researcher at Kaspersky.

The APT predictions have been developed thanks to Kaspersky’s threat intelligence services used around the world. Read the full report on Securelist.

On November 17 at 3 PM CET, Kaspersky’s GReAT researchers will discuss their predictions for upcoming changes in the world of major threat actors in 2022 and take a look back at 2021. Register for the webinar here: https://kas.pr/91bh

These predictions are a part of Kaspersky Security Bulletin (KSB) – an annual predictions series and analytical articles on key changes in the world of cybersecurity. Click here to look at other KSB pieces.

To look back at what the Kaspersky experts expected to see in the advanced targeted threats landscape in 2020, please read our previous yearly report.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Author: Melvina Ondricka