Advanced Persistent Threats Predicted for 2022


Kaspersky research has revealed how the threat landscape will change in 2022. With politicisation playing an increasing role in cyberspace, some of the predictions outlined by researchers include the return of low-level attacks, an inflow of new APT actors, and a growth of supply chain attacks.

The changes in 2021 have a direct effect on the development of sophisticated attacks in the coming year. Building on trends that the Kaspersky Global Research and Analysis Team observed throughout 2021, the researchers have prepared a forecast to help the IT community prepare for the challenges ahead.


This year, the use of surveillance software developed by private vendors has come under the spotlight, with Project Pegasus having reversed the perception of the likelihood of real-world zero-day attacks on iOS. We have also seen developers of advanced surveillance tools increasing their detection evasion and anti-analysis capabilities – as in the case of FinSpy – and using them in the wild – as was the case with the Slingshot framework.

The potential of commercial surveillance software – its access to large amounts of personal data and wider targets – makes it a lucrative business for those who supply it and an effective tool in the hands of threat actors. Therefore, Kaspersky experts believe that vendors of such software will diligently expand in cyberspace and provide their services to new advanced threat actors, until governments begin to regulate its use.

Other targeted threat predictions for 2022 include:

  • Mobile devices exposed to wide, sophisticated attacks. Mobile devices have always been a tempting target for attackers, with each potential target acting as storage for a huge amount of valuable information. In 2021 we have seen more in-the-wild zero-day attacks on iOS than ever before. Unlike on a PC or Mac, where the user has the option of installing a security package, on iOS such products are either curtailed or simply non-existent. This creates extraordinary opportunities for APTs.
  • More supply-chain attacks. Kaspersky researchers paid particular attention to the frequency of cases in which cybercriminals exploited weaknesses in a vendor’s security to compromise that vendor’s customers. Such attacks are particularly lucrative and valuable to attackers because they give access to many potential targets. For this reason, supply chain attacks are expected to be on an upward trend into 2022.
  • Continued exploitation of WFH. With remote work, cybercriminals will continue to use employees’ unprotected or unpatched home computers to penetrate corporate networks. Social engineering to steal credentials and brute-force attacks on corporate services to gain access to weakly protected servers will continue.
  • Explosion of attacks against cloud security and outsourced services. Numerous businesses are incorporating cloud computing and software architectures based on microservices and running on third-party infrastructure, which is more susceptible to hacks. This makes more and more companies prime targets for sophisticated attacks in the coming year.
  • The return of low-level attacks: bootkits are “hot” again. Owing to the increasing popularity of Secure Boot among desktop users, cybercriminals are forced to look for exploits or new vulnerabilities in this security mechanism in order to bypass it. Thus, growth in the number of bootkits is expected in 2022.
  • States clarify their acceptable cyber-offense practices. There is a growing tendency for governments both to denounce cyberattacks against them and at the same time to conduct their own. Next year some countries will publish their taxonomy of cyber-offenses, distinguishing acceptable types of attack vectors.
  • Attacks against industrial organizations will continue and may become harder to automatically detect and prevent. Attackers need to adopt more efficient tactics and technologies to react to the security controls and mechanisms recently implemented in industrial organisations; as such, they are now shortening the lifecycle of the malware in use. They are also limiting their use of malicious infrastructure, and some even avoid using malicious infrastructure altogether at the source of the attack. These are a few of the trends that will continue, and most likely we will face cyberattacks of even bigger threat potential and danger as a result.