Advanced Persistent Threat Outlook 2022

Advanced persistent threats, which focus on cyberespionage goals, are a constant threat. This activity keeps growing and evolving as more threat actors increase their skill. Kaspersky released its APT for 2022 and shared interesting thoughts on next year’s landscape.

1. An influx of new APT actors

NSO, an Israeli company providing services including offensive security, is being accused of providing governments with spyware that was ultimately turned on journalists and activists.Zeroday exploit market keeps growing, while more and more software vendors start selling offensive capabilities. More players will pitch in to gain more profit

2. Mobile devices targeting

Targetting mobile devices is not a new topic to discuss. Android allows more easily the installation of third-party applications, which results in a more cybercriminal oriented malware environment, while iOS is mostly targeted by advanced nation-state sponsored cyberespionage. Malware attack will get sophisticated and we will see more attacks accompanied inevitable denial from attackers

3.Supply-chain attacks

Managed Service Providers by the REvil/Sodinokibi ransomware group. This kind of attack is devastating because it allows one attacker, once he or she successfully compromises the provider, to bounce and easily compromise a greater number of companies at the same time. Supply chain attacks will be a growing trend into 2022 and beyond,

4. WFH an attacking opportunities

WFH opportunities for attackers to compromise corporate networks. Social engineering  and  brute force attacks may be used to obtain credentials to corporate services. And the use of personal equipment at home, rather than using devices protected by the corporate IT teams, makes it easier for the attackers.

5. Geopolitics: APT in META region

The increasing tensions in geopolitics around the Middle East and Turkey, and the fact that Africa has become the fastest urbanizing region and attracts huge investments, are very likely factors that will increase the number of major APT attacks in the META region, especially in Africa.

6. Cloud security services at risk

Cloud security offers a lot of advantages for companies worldwide, yet access to these kinds of infrastructure usually lies on a single password or API key. Outsourced services like online document handling or file storage contain data that can be very interesting for an APT threat actor and will gather state sponserd actor attention to initiate sophisticated attacks

7. Bootkits

Low-level bootkits have often been shunned by attackers because there is a higher risk of causing system failures. Also, it takes a lot more energy and skills to create them. Offensive research on bootkits is alive and well, and more advanced implants of this kind are to be expected. In addition, with secure boot becoming more prevalent, “attackers will need to find exploits or vulnerabilities in this security mechanism to bypass it and keep deploying their tools”.

8. Acceptable cyber-offense practices

Cyberwarfare made it so that legal indictments became more used as part of the arsenal on adversary operations. Yet states who denounce APT operations are often conducting their own at the same time. Those will need to “create a distinction between the cyberattacks that are acceptable and those that are not”. Some countries will publish their taxonomy of cyber-offense in 2022, detailing which types of attack vector and behavior are off-limits.