Cloud providers face enough headaches from attacks by criminal hackers, but if researchers at Kaspersky are correct, nation-state actors will join the attacks in 2022.
That’s one of the predictions Kaspersky made in its annual look at what’s coming from advanced persistent threat actors (APTs).
Third-party cloud providers — including outsourced services such as online document editing, file storage, and email hosting — now concentrate enough data to attract the attention of state actors and will emerge as primary targets in sophisticated attacks, the company predicted.
More and more companies are incorporating cloud computing into their business models due to the convenience and scalability they offer, Kaspersky argues. The devops movement has led many companies to adopt software architectures based on microservices and running on third-party infrastructure – infrastructure that’s usually only one password or API key away from being taken over, it says.
“This recent paradigm has security implications that developers may not fully comprehend, where defenders have little visibility and that APTs haven’t really investigated thus far. We believe the latter (APTs) will be the first to catch up.”
Other predictions include
—more sophisticated attacks against mobile devices will be exposed and closed. While Android-based devices have a lot of cybercriminal malware (albeit, adds the report, not free from APT attacks), iOS is mostly in the crosshairs of advanced nation-state-sponsored cyberespionage. More iOS zero-days were reported in the wild in 2021 than in any other year, the report notes. In addition, private sector firms selling exploits to government agencies in authoritarian countries — like the Pegasus Project — “brought a new dimension to the otherwise obscure world of iOS zero-click zero-day attacks. the report notes;
—supply chain attacks will be a growing trend into 2022 and beyond. Supply chains are particularly valuable for attackers because they provide a stepping-stone into many other targets in one fell swoop, says the report. APTs hit supply chains in 2021, the report says, but so did cybercriminals — referencing ransomware attacks on the Colonial Pipeline and JBS Foods. Expect more in the new year;
—attackers will look for new opportunities to exploit home computers that are unprotected or unpatched, as an entry vector to corporate networks. Notwithstanding the relaxation of pandemic lockdown rules in various parts of the world, many employees continue to work from home and are likely to do so for the foreseeable future, argues the report;
—bootkits will be ‘hot’ again. Low-level implants are often shunned by attackers due to their inherent risk of causing system failures and the sophistication it requires to create them, says the report. But reports published by Kaspersky throughout 2021 indicate that offensive research on bootkits — malicious programs that load as early as possible in the boot process — is alive and well; either the stealth gains now outweigh the risks, the report says, or low-level development has become more accessible. The company expects to discover more advanced implants of this kind in 2022. In addition, as computers with Secure Boot become more prevalent, attackers will need to find exploits or vulnerabilities in this security mechanism to bypass it and keep deploying their tools.