Advanced persistent threats, which focus on cyberespionage goals, are a constant threat. This activity keeps growing and evolving as more threat actors increase their skill. Kaspersky released its APT predictions for 2022 and shared interesting thoughts on next year’s landscape.
1. An influx of new APT actors
NSO, an Israeli company providing services including offensive security, is being accused of providing governments with spyware that was ultimately turned on journalists and activists. The zero-day exploit market keeps growing, while more and more software vendors start selling offensive capabilities. More players will pitch in to gain more profit.
2. Mobile device targeting
Targeting mobile devices is not a new topic to discuss. Android makes it easier to install third-party applications, which results in a more cybercriminal-oriented malware environment, while iOS is mostly targeted by advanced nation-state sponsored cyberespionage. Malware attacks will get more sophisticated, and we will see more attacks accompanied by the inevitable denials from attackers.
Managed Service Providers by the REvil/Sodinokibi ransomware group. This kind of attack is devastating because it allows one attacker, once he or she successfully compromises the provider, to pivot and easily compromise a greater number of companies at the same time. Supply chain attacks will be a growing trend into 2022 and beyond.
4. WFH as an attack opportunity
WFH creates opportunities for attackers to compromise corporate networks. Social engineering and brute force attacks may be used to obtain credentials to corporate services. And the use of personal equipment at home, rather than devices protected by the corporate IT teams, makes it easier for the attackers.
5. Geopolitics: APT in META region
The increasing tensions in geopolitics around the Middle East and Turkey, and the fact that Africa has become the fastest urbanizing region and attracts huge investments, are very likely factors that will increase the number of major APT attacks in the META region, especially in Africa.
6. Cloud security services at risk
Cloud security offers a lot of advantages for companies worldwide, yet access to these kinds of infrastructure usually rests on a single password or API key. Outsourced services like online document handling or file storage contain data that can be very interesting for an APT threat actor and will draw state-sponsored actors' attention to initiate sophisticated attacks.
Low-level bootkits have often been shunned by attackers because there is a higher risk of causing system failures. Also, it takes a lot more energy and skills to create them. Offensive research on bootkits is alive and well, and more advanced implants of this kind are to be expected. In addition, with secure boot becoming more prevalent, “attackers will need to find exploits or vulnerabilities in this security mechanism to bypass it and keep deploying their tools”.
8. Acceptable cyber-offense practices
Cyberwarfare has made legal indictments a more common part of the arsenal used against adversary operations. Yet states that denounce APT operations are often conducting their own at the same time. Those will need to “create a distinction between the cyberattacks that are acceptable and those that are not”. Some countries will publish their taxonomy of cyber-offense in 2022, detailing which types of attack vector and behavior are off-limits.