Trend Micro Incorporated releases ‘Metaverse or MetaWorse? Cyber Security Threats Against the Internet of Experiences’ dealing with virtualized universes and their possible abuses. In the latter, Trend Micro warns the industry of the existence of a “Darkverse” whose criminality, hidden from law enforcement, could quickly evolve to fuel a new cyber criminal industry around metaverses.
The Trend Micro report lists five major threats:
• NFTs could be the target of attacks of the type phishing, ransomware, fraud, etc., which are increasingly targeted as they become an important resource of the metaverse, in particular used to organize the right of ownership there.
• This “darkverse” will become the preferred location for conducting illegal/criminal activities as it will be difficult to track, monitor and infiltrate by law enforcement. With police investigations requiring years of investigation.
• Money laundering. Overvalued real estate in the metaverse and NFTs will provide criminals with yet another way to launder their money.
• Social engineering, propaganda and infox/fake news will have a big impact in this cyber-physical world. Criminals and state actors will use influence operations to drive campaigns to targeted audiences.
• The notion of privacy will be reconsidered, as operators of virtualized environments will have unprecedented visibility into user actions. In fact, the notion of privacy as we know it is deeply challenged in this universe.
“The Metaverse is a multi-billion dollar high-tech vision that can participate in the next era of the Internet. Although we don’t know exactly how it will develop, we need to start thinking now about how it will be exploited for evil purposes. Given the financial and technical resources to be implemented, with, moreover, uncertainties about the applicable legal means, the police will probably have difficulty controlling the meta around the first years. The community of security experts must therefore take up this subject without delay, otherwise the initiative will be left to criminal organizations in this digital space in the making”, comments Nicolas Arpagian, – Director Cybersecurity Strategy – Trend Micro.
As envisioned by Trend Micro, the “Darkverse” will look like a metaverse version of the dark web, allowing malicious operators to offer and conduct illegal activities.
The underground markets operating in the Darkverse will be difficult for the police to infiltrate without the proper authentication tokens. The fact that users can only access a “darkverse” world if they are physically in a designated real location will provide criminal communities with an additional level of protection.
This could be a breeding ground for many criminal activities: from financial fraud and online scams to NFT theft, ransomware and many more. The cyber-physical nature of the Metaverse may also provide new insights to threat actors. Cybercriminals could thus seek to compromise so-called ‘digital twins’, managed by critical infrastructure operators, to sabotage or extort industrial systems. Or deploy malware in metaverse user interfaces to cause physical harm. Avatar attacks have already been reported on several occasions.
While it’s still a few years before we see a full-fledged Metaverse, metaverse-like spaces will become commonplace much sooner. The Trend Micro report aims to alert on the importance of a strategic reflection on the cyber threats to be expected and on the means to protect oneself from them.
For Trend Micro, several questions must quickly be asked to ensure the security and protection of “metaverse”:
• How will we moderate/frame user activity and speech in the metaverse? And who will be responsible for it?
• How will violations of rights (copyright…) be monitored and enforced?
• How will users know if they are interacting with a real person or a robot? Will there be a technical model like a Turing test to validate AI/humans?
• Is there a way to protect privacy? How to prevent the metaverse from being dominated by a few big tech companies
• How can law enforcement overcome the barriers of intercepting large-scale metaverse crimes, and address applicable law issues?