Trend Micro releases report on dangers of Metaverse

Following the release of the report, Trend Micro is calling on the tech industry to secure against the metaverse risks.

Global cybersecurity company Trend Micro Incorporated has released a new report warning of a “darkverse” of criminality hidden from law enforcement, which could quickly evolve to fuel a new industry of metaverse-related cybercrime.

The company says tech companies need to start developing Metaverse security models now to protect Metaverse-like applications and the future Metaverse.

Lewis Duke, Sales Engineer at Trend Micro says: “The Metaverse will play a large role in the next era of connectivity and will bring with it a range of security threats, many of which will leverage tactics and techniques that the industry is already aware of. This gives us as a security community a chance to not only predict the likely threats that the Metaverse will bring but also start to prepare how we can protect ourselves and our organisations to avoid the historical dis-connect between innovation and security.”

The top five metaverse threats outlined in the report were: 

  1. NFTs will be hit by phishing, ransom, fraud and other attacks, which will be increasingly targeted as they become an important metaverse commodity to regulate ownership.
  2. The darkverse will become the go-to place for conducting illegal/criminal activities because it will be difficult to trace, monitor and infiltrate by law enforcement. In fact, it may be years before police catch up.
  3. Money laundering using overpriced metaverse real estate and NFTs will provide a new outlet for criminals to clean cash.
  4. Social engineering, propaganda and fake news will have a profound impact in a cyber-physical world. Influential narratives will be employed by criminals and state actors targeting vulnerable groups who are sensitive to certain topics.
  5. Privacy will be redefined, as metaverse-like space operators will have unprecedented visibility into user actions – essentially when using their worlds, there will be zero privacy as we know it.

Bill Malik, vice president of infrastructure strategies for Trend Micro says: “The metaverse is a multibillion-dollar hi-tech vision that will define the next internet era. Although we don’t know exactly how it will develop, we need to start thinking now about how it will be exploited by threat actors. Given the high costs and jurisdictional challenges, law enforcement will struggle to police the metaverse in general in its early years. The security community must step in now or risk a new Wild West to develop on our digital doorstep.”

Trend Micro predicts the darkverse will resemble a metaverse version of the dark web, enabling threat actors to coordinate and carry out illegal activities with impunity. It says underground marketplaces operating in the darkverse would be impossible for police to infiltrate without the correct authentication tokens. Because users can only access a darkverse world if they’re inside a designated physical location, there’s an additional level of protection for closed criminal communities. This could provide a haven for multiple threats to flourish—from financial fraud and e-commerce scams to NFT theft, ransomware and more. The cyber-physical nature of the metaverse will also open new doors to threat actors. Trent Micro predicts that cybercriminals might look to compromise the “digital twin” spaces run by critical infrastructure operators, for sabotage or extortion of industrial systems. Or they could deploy malware to metaverse users’ full body actuator suits to cause physical harm. Assault of avatars has already been reported on several occasions. Although a fully-fledged metaverse is still some years away, metaverse-like spaces could become commonplace much sooner. Trend Micro’s report seeks to start an urgent dialog about what cyber threats to expect and how they could be mitigated.

Trend Micro has put together some questions to start asking:

·How will we moderate user activity and speech in the metaverse? And who will be responsible?

·How will copyright infringements be policed and enforced?

·How will users know whether they’re interacting with a real person or a bot? Will there be a Turing Test to validate AI/humans?

·Is there a way to safeguard privacy by preventing the metaverse from becoming dominated by a few large tech companies?

·How can law enforcement overcome the high costs of intercepting metaverse crimes at scale, and solve issues around jurisdiction?

Read a full copy of the report, Metaverse or MetaWorse? Cyber Security Threats Against the Internet of Experiences.

 

Share

Featured Articles

How secure is sensitive data stored in the cloud?

A Cloud Security Alliance (CSA) survey has found 67% of organisations store sensitive data in public cloud environments, but how secure is it?

CYBER LIVE LONDON: Day 2 highlights of the hybrid tech show

We take a look at highlights of the different stages at the Tech Live London show, including insights from Claroty, SalesForce and Oracle

TECH LIVE LONDON: An overview of the hybrid technology show

We take a look at the first day of Tech Live London with insights from technology leaders from companies such as IBM, Microsoft and Vodafone

Does a cashless society mean higher risk of fraud?

Cyber Security

5 minutes with Gary Brickhouse, CISO of GuidePoint Security

Cyber Security

CTO at Passbolt explains the importance of password managers

Application Security