Trend Micro Incorporated has released a new report, Metaverse or MetaWorse? Cyber Security Threats Against the Internet of Experiences, warning of a “darkverse” of criminality hidden from law enforcement, which it says could quickly evolve to fuel a new industry of metaverse-related cybercrime.
The top five metaverse threats outlined in the report are:
- NFTs will be hit by phishing, ransom, fraud and other attacks, which will be increasingly targeted as they become an important metaverse commodity to regulate ownership.
- The darkverse will become the go-to place for conducting illegal/criminal activities because it will be difficult to trace, monitor and infiltrate by law enforcement. In fact, it may be years before police catch up.
- Money laundering using overpriced metaverse real estate and NFTs will provide a new outlet for criminals to clean cash.
- Social engineering, propaganda and fake news will have a profound impact in a cyber-physical world. Influential narratives will be employed by criminals and state actors targeting vulnerable groups who are sensitive to certain topics.
- Privacy will be redefined, as metaverse-like space operators will have unprecedented visibility into user actions – essentially when using their worlds, there will be zero privacy as we know it.
Mick McCluney, Technical Director at Trend Micro: “The metaverse is a multibillion-dollar hi-tech vision that will define the next internet era. Although we don’t know exactly how it will develop, we need to start thinking now about how it will be exploited by threat actors. Given the high costs and jurisdictional challenges, law enforcement will struggle to police the metaverse in general in its early years. The security community must step in now or risk a new Wild West to develop on our digital doorstep.”
As imagined by Trend Micro, the darkverse will resemble a metaverse version of the dark web, enabling threat actors to coordinate and carry out illegal activities with impunity.
Underground marketplaces operating in the darkverse would be impossible for police to infiltrate without the correct authentication tokens. Because users can only access a darkverse world if they’re inside a designated physical location, there’s an additional level of protection for closed criminal communities.
This could provide a haven for multiple threats to flourish—from financial fraud and e-commerce scams to NFT theft, ransomware and more. The cyber-physical nature of the metaverse will also open new doors to threat actors.
Cybercriminals might look to compromise the “digital twin” spaces run by critical infrastructure operators, for sabotage or extortion of industrial systems. Or they could deploy malware to metaverse users’ full body actuator suits to cause physical harm. Assault of avatars has already been reported on several occasions.
Although a fully-fledged metaverse is still some years away, metaverse-like spaces will be commonplace much sooner. Trend Micro’s report seeks to start an urgent dialogue about what cyber threats to expect and how they could be mitigated.
Questions to start asking include:
- How will we moderate user activity and speech in the metaverse? And who will be responsible?
- How will copyright infringements be policed and enforced?
- How will users know whether they’re interacting with a real person or a bot? Will there be a Turing Test to validate AI/humans?
- Is there a way to safeguard privacy by preventing the metaverse from becoming dominated by a few large tech companies?
- How can law enforcement overcome the high costs of intercepting metaverse crimes at scale, and solve issues around jurisdiction?
You can read the full report here.