What are the potential cybersecurity threat scenarios that world is likely to encounter in the early stages of the metaverse?
Trend Micro released which examines nine different categories of threats against the metaverse and inside the metaverse, including cyber-physical crime, financial fraud, legal implications and more.
The threats are sorted
into nine categories outlined below:
NFTs: There are integrity issues. NFTs regulate ownership of assets, but do not provide storage for the
assets. This may lead to ransoming or other criminal attacks. If NFT data files are encrypted in a
ransomware attack, the user will still retain ownership but they can be blocked from accessing the
assets if they do not pay the ransom.
Darkverse: The darkverse is like the dark web, except it exists inside the metaverse. In some ways, it is more dangerous
than the dark web because of the pseudo-physical presence of the users. It mimics clandestine physical
meetings versus the purely online open discussion threads in dark web criminal forums. The darkverse
lives inside the deepverse, which is unindexed like the deep web.
Financial fraud: Criminals and criminal groups will be drawn to the metaverse because of the huge volume of e-commerce
transactions that will occur in these worlds. There will be many who try and take advantage of users, steal
their money, and capture their digital assets.
Privacy issues: Privacy issues will become a major concern
in the metaverse.
publishers will control all aspects of their meta spaces, collect vast amounts of user data, and monetize
the collected data. Even if there are open-source metaverse worlds that users can host, the publisher who
hosts them will still be able to collect and monetize user data.
Cyber-physical threats: The metaverse is going to be an interactive application layer for the Spatial Web. The Spatial Web is a computing environment that exists in 3D space — a twinning of real and virtual realities enabled via billions of connected devices and accessed through VR / AR / MR / XR interfaces. The integration of IoT and cyber
worlds could give rise to cyber-physical threats.
Virtual / augmented / mixed / extended reality threats: The metaverse is going to exist as both a VR and an MR world — user interactions will occur inside the 3D
virtual worlds, or with 3D objects augmented in the real world. VR metaverse-like spaces
will arrive within two to three years, while AR / MR metaverse spaces are at least four to five years away.
Social engineering: Social engineering uses psychological manipulation to trick
users into making security mistakes or give away sensitive information. For example, deep fakes can be leveraged to commit crime, criminals can infiltrate a metaverse to impersonate companies, providers, officials, etc.
- Traditional IT attacks: Since metaverse worlds will run on regular IT hardware, they are susceptible to these IT attacks. Current IT threat scenarios will very likely keep happening in the metaverse: distributed denial of service (DDoS), API attacks, ransomware, etc.
Miscellaneous threats and issues: Some of the metaverse threats and security concerns Trend Micro analyzed did not fit neatly into any of previous categories. Miscellaneous threats and issues may include:
- law enforcement agencies may struggle intercepting crimes and criminals in the metaverse
- environmental impact of the metaverse. Bitcoin mining, for example, uses huge amounts of electricity
- network partitioning due to uplink or power failures need to
be handled securely
- the metaverse can hardly be disassociated from large tech companies
- policies and enforcement of copyright infringements
- ethics, responsibilities, and accountability of interacting with bots, or artificial intelligence
- moderation of speech and activities within the metaverse (fake news, hate, extremism, racism, bullying, harassment, etc.)
The report underscores the urgency for tech companies to start developing new security models to protect applications designed for the metaverse.
For the full report, which includes a number of security concerns and scenarios for each threat category, visit www.trendmicro.com.