Threat intelligence data from one cybersecurity firm’s user ecosystem point to more intense politically-motivated attacks next year.

Using data from its user ecosystem and its global threat intelligence network, researchers from the Kaspersky Global Research and Analysis Team have noted how political developments have played an increasing role in cyberspace this year.

For 2022, the experts have prepared a forecast to help the IT community prepare for the challenges ahead.

This year, the use of surveillance software developed by private vendors has come under the spotlight, with Project Pegasus having reversed the perception of the likelihood of real-world zero-day attacks on iOS. The developers of advanced surveillance tools have increased their detection evasion and anti-analysis capabilities—as in the case of FinSpy—and have been using them in the wild.

The potential of commercial surveillance software, due to its access to large amounts of personal data and wider targets, makes it a lucrative business and an effective tool in the hands of threat actors. Therefore, Kaspersky experts believe that vendors of such software will diligently expand in cyberspace and provide their services to new advanced threat actors next year, and will continue to do so until governments begin to regulate such commercial activities.

2022 cyber predictions

The seven advanced persistent threat (APT) trends that the Kaspersky researchers envision taking center stage next year include:

  • Widespread sophisticated mobile attacks: With smartphones travelling along with their owners everywhere, and each potential target acting as a store of a huge amount of valuable information, APTs will ramp up their in-the-wild zero-day attacks on iOS more than ever before. Unlike on a PC or Mac, where the user has the option of installing a security package, on iOS such products are either curtailed or simply non-existent. This creates extraordinary opportunities for APTs.
  • More supply-chain attacks: Such attacks are particularly lucrative and valuable to attackers because they give access to a large number of potential targets. For this reason, supply chain attacks are expected to be on an upward trend into 2022.
  • Continued exploitation of remote-working: Employees’ unprotected or unpatched home computers will continue to provide a way for hackers to penetrate corporate networks. Social engineering to steal credentials and brute-force attacks on corporate services to gain access to weakly protected servers will continue.
  • APT intrusions in the META region: Geopolitical tensions in the Middle East, Turkey and Africa (META) region are increasing, which means cyber espionage is on the rise. Moreover, new defenses in the region are constantly improving and becoming more sophisticated. Taken together, these trends suggest that the main APT attacks in the META region will target Africa.
  • Cloud security and outsourced services under fire: Numerous businesses are incorporating cloud computing and software architectures based on microservices and running on third-party infrastructure, which is more susceptible to hacks. This makes more companies prime targets for sophisticated attacks in the coming year.
  • The return of low-level attacks: Owing to the increasing popularity of Secure Boot among desktop users, cybercriminals are forced to look for exploits or new vulnerabilities in this security mechanism in order to bypass it. Thus, more bootkits are expected in 2022.
  • Countries will draw clear lines of ‘acceptable’ malicious acts: There is a growing tendency for governments both to denounce cyberattacks against them and at the same time conduct their own. Next year some countries will publish their taxonomy of cyber offenses, distinguishing acceptable types of attack vectors.

According to Ivan Kwiatkowski, one of the team’s senior security researchers: “There are dozens of events happening every day that are changing the world of cyberspace. These changes are quite difficult to track, and even more difficult to foresee. Nevertheless, we believe it is crucial to continue to track APT-related activities, evaluate the impact these targeted campaigns have and share the insights we learn with the wider community. By doing so, we hope to help users to be better prepared for what the future holds for them in cyberspace.”