As technology, hardware, and infrastructure mature, applications similar to the metaverse will converge and with it the potential for cyberattacks, a new report from Trend Micro shows.
The reverse covers new and emerging technologies including augmented/virtual/mixed/extended reality, IoT, AI and machine learning and distributed ledger technology. There have been several metaverse-like apps, mainly for gamers. However, within the next 3-5 years, it is expected that more metaverse-like applications will be used for work, entertainment, education, and remote shopping.
Once the technology, hardware, and network infrastructure mature, there will be a natural convergence of many applications similar to the metaverse, Trend Micro commented. in a new reportand with that, potential for cyber threats. Some may apply now and some will be in place in three to five years, the security company said.
Online threats in the metaverse
Trend Micro has outlined eight potential threat categories:
1. NFT
One token is not replaceable is a single unit of data stored in blockchain and can be sold and traded. Security concerns include integrity issues because the NFT regulates asset ownership but does not provide storage. “This could lead to ransom or other criminal attacks,” Trend Micro said. “If NFT data files are encrypted in a ransomware attack, the user will retain ownership but they may be blocked from accessing the asset if they do not pay the ransom.”
2. The Darkverse
Darkverse is similar to black web, “Except it exists within the metaverse. In some ways, it is more dangerous than the dark web because of the fake presence of users. The Darkverse was created to facilitate and carry out illegal or criminal activities, according to the report. This space can also be used for free speech against oppressive entities or governments. It can be a space for illegal or criminal activities.
UNDERSTAND: Ethical policy on artificial intelligence (TechRepublic Premium)
3. Financial Fraud
Criminals “will be attracted to the metaverse because of the huge volume of e-commerce transactions that will occur in these worlds. There will be many guys trying to take advantage of users, steal their money and take over their digital assets.”
4. Privacy issues
There will be groups of virtual worlds mainly created and hosted by large corporations that are free to use. But in return, “metaverse publishers will control all aspects of their meta space, collect vast amounts of user data, and monetize the collected data. Even if there are open source metaverse worlds that users can host, the publisher hosting them will still be able to collect and monetize user data.” With unprecedented visibility into user actions, Trend Micro predicts privacy issues like data sovereignty will become a major concern in the metaverse.
5. Cyber-physical threats
The Spatial Web is a computer environment that exists in 3D and is “a hybrid of real and virtual enabled through billions of connected devices and accessed through VR/AR/MR/interfaces/ XR.” Metaverse will be an interactive application layer for the spatial web. This integration of IoT and the networked world can lead to cyber-physical threats such as man-in-the-middle attacks and unauthorized access to the Internet. digital twins. The report suggests that crimes like bullying and romance scams will happen “because attackers can create multiple avatars without revealing their identities.”
6. Virtual / Augmented / Mixed / Augmented Reality Threats
According to Trend Micro, there will be both VR and MR in super-reverse space, and VR-like hyperspace will be available within two to three years, while AR/MR super-reverse space will take at least another four to five years. , according to Trend Micro. Because users can forge a new identity and life in the metaverse, “bad guys will use the virtual world to plan and rehearse real-world crimes.” Criminals will try to block a user’s avatar from accessing services for which they have paid, such as preventing them from accessing or leaving a building or a virtual space. As mentioned in the NFT section, malicious actors will demand a ransom to grant users access to the services they have paid for. Businesses will create digital copies of their real-world stores in the metaverse. Criminals will copy these digital stores in another hyper-diversified space to defraud shoppers.
7. Social Engineering
Social engineering use psychological manipulation to trick users into making security mistakes or providing sensitive information. “Criminals or state actors will look for vulnerable groups of people who are sensitive to certain topics and then come up with targeted stories to influence them. These stories can be used to amplify current global issues. “Deepfakes can be used to commit crimes, and criminals can infiltrate a metaverse space to impersonate official avatars and then redirect the wrong user to that space. They can also impersonate the official avatar. service providers and provide false information in exchange for payment.
UNDERSTAND: Metaverse Scam Table: Everything You Need to Know (Free PDF) (TechRepublic)
8. Traditional IT attacks
Trend Micro predicts that current threat scenarios are most likely to occur in the metaverse, including
- Distributed denial of service
- Ransomware
- Bad guys try to write malicious code or scammers after the metaverse app APIs are made public
- Cloud-specific attacks if existing technology is used when calling or making API calls
- Devices are vulnerable, as metaverse applications will communicate with multiple IoT devices to enable network-physical AR interactions.
Plan security models now
Trend Micro points out that it is possible that “the metaverse we envisioned is neither feasible nor achievable, and the whole metaverse idea training process changes direction in a new direction”. However, with massive investments being poured into the metaverse, now is the time to start developing security models for it.
“This is challenging because we’re exploring an ever-evolving concept and trying to create security guidelines for products and services that don’t currently exist,” the security company pointed out. However, “anticipating threats and acting early will help us protect both metaverse and metaverse-like applications in the future.”
