Advanced threats constantly evolve. This year put multiple examples of advanced persistent threats under the spotlight, allowing us to predict which threats might dominate in the future.

Advanced persistent threats, which focus on cyberespionage goals, are a constant threat to companies, governments and freedom activists, to name a few. This activity keeps growing and evolving as more threat actors increase their skill.


Kaspersky released its advanced threat predictions for 2022 and shared interesting thoughts on next year's landscape. Here are eight things Kaspersky predicts will happen in the coming year.

1. An influx of new APT actors

The recent legal cases against offensive security companies like NSO brought the use of surveillance software under the spotlight. NSO, an Israeli company providing services including offensive security, is being accused of providing governments with spyware that was ultimately turned on journalists and activists.

Following that action, the U.S. Department of Commerce reported in a press release that it added NSO to its entity list for engaging in activities that are contrary to the national security or foreign policy interests of the United States. The department added three other companies to that list: Candiru (Israel), Positive Technologies (Russia), and Computer Security Initiative Consultancy PTE LTD (Singapore).

The zero-day exploit market keeps growing, while more and more software vendors start selling offensive capabilities. All this business is highly profitable and can only attract more players in the game, at least until governments take actions to regulate its use.

Kaspersky said that "malware vendors and the offensive security industry will aim to support old but also new players in their operations."

2. Mobile devices targeting

The topic of compromising mobile devices is not new, yet still very sensitive. Kaspersky underlined an important difference between the two main operating systems on mobile phones: Android and iOS. Android makes it easier to install third-party applications, which results in a more cybercriminal-oriented malware environment, while iOS is mostly targeted by advanced nation-state sponsored cyberespionage. The Pegasus case revealed by Amnesty International in 2021 brought a new dimension to the iOS zero-click, zero-day attacks.


Malware infection is actually harder to prevent and detect on mobile devices, while the data such a device contains is often a mixture of personal and professional data, and the device never leaves its owner. This makes it a perfect target for an APT attacker.

Kaspersky concluded, "In 2022, we will see more sophisticated attacks against mobile devices getting exposed and closed, accompanied by the inevitable denial from the perpetrators."

3. More supply-chain attacks

This year saw the targeting of Managed Service Providers by the REvil/Sodinokibi ransomware group. This kind of attack is devastating because it allows one attacker, once he or she successfully compromises the provider, to bounce and easily compromise a greater number of companies at the same time.

"Supply-chain attacks will be a growing trend into 2022 and beyond," Kaspersky said.

4. Work from home creates attacking opportunities

Work from home is necessary for many employees and still will be for the foreseeable future, due to pandemic lockdown rules. This creates opportunities for attackers to compromise corporate networks. Social engineering and brute-force attacks may be used to obtain credentials to corporate services. And the use of personal equipment at home, rather than using devices protected by the corporate IT teams, makes it easier for the attackers.

Threat actors will look for new opportunities to exploit home computers that are not fully patched or protected in order to gain an initial foothold on corporate networks.

5. Geopolitics: An increase in APT attacks in the META region

The increasing tensions in geopolitics around the Middle East and Turkey, and the fact that Africa has become the fastest urbanizing region and attracts huge investments, are very likely factors that will increase the number of major APT attacks in the META region, especially in Africa.

6. Cloud security and outsourced services at risk

Cloud security offers a lot of advantages for companies worldwide, yet access to these kinds of infrastructure usually rests on a single password or API key. In addition, outsourced services like online document handling or file storage contain data that can be very interesting for an APT threat actor.

Kaspersky said that those will "attract the attention of state actors and will emerge as primary targets in sophisticated attacks."

7. Back to bootkits

Low-level bootkits have often been shunned by attackers because there is a higher risk of causing system failures. Also, it takes a lot more energy and skill to create them. Offensive research on bootkits is alive and well, and more advanced implants of this kind are to be expected. In addition, with secure boot becoming more prevalent, "attackers will need to find exploits or vulnerabilities in this security mechanism to bypass it and keep deploying their tools," Kaspersky said.

8. Clarification of acceptable cyber-offense practices

In 2021, legal indictments became a more commonly used part of the cyberwarfare arsenal against adversary operations.

Yet states that denounce APT operations are often conducting their own at the same time. Those states will need to "create a distinction between the cyberattacks that are acceptable and those that are not." Kaspersky believes some countries will publish their taxonomy of cyber-offense in 2022, detailing which types of attack vector and behavior are off-limits.

What happened in 2021?

This year has seen many types of threats that rocked the cybersecurity community. Here are six 2021 threats we have seen, according to Kaspersky.

By Cedric Pernet

Cedric Pernet is a threat expert with a strong focus on cybercrime and cyberespionage. He currently works at Trend Micro as a senior threat researcher.