Trend Micro, a global leader in cybersecurity solutions, released a report warning about what it is calling Darkverse, a criminal version of the Metaverse, an environment with the potential to fuel a new, rapidly evolving cybercrime industry, “The Metaverse is a multibillion-dollar, high-tech vision that will define the next era of the Internet. Although we still don't know exactly how it will develop, we need to start thinking now about how it will be exploited by threat actors. Due to the high costs and legal challenges, it will be difficult to monitor the Metaverse in the early years. The security community must intervene now or risk a wild Wild West that will unfold on our digital front door,” noted Bill Malik, vice president of Infrastructure Strategies at Trend Micro.
The goal of the Trend Micro study is to spark discussion about what to expect from these cyber threats and how to mitigate them. The report lists five Metaverse threats:
– NFTs or non-fungible tokens will be hit by phishing, ransom demands, fraud and other attacks, and will be increasingly targeted as they become an important property regulation commodity in this new universe;
- O Darkverse It will be the ideal place to carry out illegal/criminal activities, due to the difficulty of tracking and monitoring by police authorities.
– The possibility of money laundering through overpriced Metaverse properties and NFTs will be attractive to criminals.
– Social engineering, propaganda and fake news will have a profound impact on a phigital world. Seductive narratives will be employed by criminals targeting vulnerable groups sensitive to certain issues.
– Privacy will be redefined, because in the Metaverse, personas will have visibility and projection without the control of their users – especially when roaming digital worlds.
The police will have difficulty infiltrating the underground markets that operate in the Darkverse, especially if you don't have the correct authentication tokens. Since users can only access one world in Darkverse Within a designated physical location, closed criminal communities ended up being protected.
This can provide a haven for various threats to flourish, from financial fraud and e-commerce scams to NFT theft, ransomware, and more. The cyber-physical nature of the Metaverse will also open new doors for threat actors.
Cybercriminals may attempt to compromise “digital twins” (i.e., replicas of physical places) managed by critical infrastructure operators, with the aim of sabotaging or extorting industrial systems. Or they could implement malware into Metaverse users' avatars to cause physical harm. This type of robbery has been reported on several occasions.
Although the Metaverse is still under construction, metaverse-like spaces will be commonplace much sooner than we imagine. Trend Micro's report seeks to start an urgent dialogue about what cyber threats to expect and how they can be mitigated.
The questions we need to ask are:
- How will we moderate user activity in the Metaverse? And who will be responsible?
- How will copyright infringements be regulated?
- How will users know whether they are interacting with a real person or a bot? Will there be a Turing test to validate Artificial Intelligence (AI)/humans?
- Is there a way to protect privacy by preventing the Metaverse from being dominated by big tech companies?
- How can law enforcement overcome the high costs of intercepting Metaverse crimes at scale and resolve issues related to jurisdiction?
