NetworkTigers discusses cyber threats in the metaverse.
The idea of the “metaverse,” a virtual world where users can work, play, and create as digital versions of themselves, has been a pop culture mainstay in science fiction and tech-centric stories for decades. The term itself, however, was not coined until American writer Neal Stephenson used it to refer to “an alternative 3D, connected reality” that allows escape from a dystopian existence.
Despite the majority of internet users voicing skepticism about their desire to engage in a wholly digital parallel universe, advances in computing technology and interconnectivity have allowed construction on this online world to begin, and intrepid internet spelunkers eager to take a peek at what may be just over the horizon are already exploring it.
It’s not all fun and games, however. As with all technological frontiers, the new spaces created by the metaverse will provide bad actors with a wealth of nefarious new opportunities. Cybersecurity experts caution that the scams and illegal activities on the dark web will indeed migrate into the metaverse, bringing dangers along with them and carving out what some call the “darkverse.” It is more when than if cyber threats in the metaverse become a reality.
Cybersecurity and cyber threats in the metaverse
Increased financial crime and identity theft
A virtual world in which users can be anyone they want provides fertile ground for abuse, exploitation, scams, phishing campaigns, and increases in cyberbullying and harassment.
According to World News Era, the most common form of exploitation and abuse in the metaverse is expected to be identity theft. As users exchange currency and connect banking institutions to accounts used to navigate the metaverse, criminals will likely pounce on the chance to “steal personal information and use it to gain access to bank accounts or commit other fraudulent activities.”
Just as email and social accounts can be stolen or hacked, those in the metaverse could be taken over by criminals to further their illegal agendas and convince contacts to give them their passwords or other sensitive data via impersonation.
More data, more crime, less privacy and confused authorities
The amount of user data that metaverse platforms will be able to observe and collect will be irresistible to criminals looking to engage in cyberattacks and corporate theft and authoritarian regimes that want to spy on citizens and journalists without their consent.
The implications of living in a virtual arena that may feature items and spaces that are photorealistic duplicates of those in the real world also create a tremendous gray area regarding law enforcement, human rights and surveillance. Cyber experts are wondering what role policing will play in the metaverse since many criminal acts that are punishable in reality are just as easy to commit from within the multi-layered cyberspace with no concept of country borders.
On the business side, the technology used to build the metaverse is advancing far more quickly than the laws written to protect people from overzealous corporate snooping. This, combined with the fact that using a virtual, 3D space allows for far more granular data collection than simply browsing a social media platform, means that those who venture into the early metaverse are likely to be subjected to data collection that regulators may deem to be illegal once they catch up. This may include everything from how users’ eyes move while wearing a virtual reality headset to how they interact with the digital world and other users.
Additionally, virtual assets, from cryptocurrency to NFTs and whatever else may be around the corner, may be easy pickings for the hackers and thieves that set up shop in the metaverse.
Advanced predatory activity and cyberstalking
The metaverse will provide stalkers and predators with a bevy of tools and strategies that they can use to keep an eye on and manipulate their victims. Minors are especially vulnerable online, as virtual reality’s increased realism, anonymity, and freedom could give criminals easy access to spaces where minors gather. With children and adults alike able to create avatars and identities that do not align with their actual age or appearance, keeping young people safe from danger will be increasingly challenging.
Cyberstalking, already a troubling issue, is also likely to experience an “upgrade” in the metaverse due to the amount of data available within it and the ability for users to physically see, follow and observe one another while using it.
Impossible to detect social engineering scams
Social engineering already plays a tremendous role in how cybercriminals bypass verification requirements and convince users to hand over information that otherwise would require sophisticated hacking.
“I can go into the metaverse, I can make an avatar that looks like you, and I can give it a name that says it’s the real you – and I will probably trick some people into thinking that it’s you,” says Caroline Wong, chief strategy officer at Cobalt, a cybersecurity and penetration-testing company.
With victims regularly succumbing to scams via phone calls and messaging that purports to come from a trusted source, it’s natural to predict that the metaverse will only serve as an even more confusing space to navigate safely.
Companies intending to work within the metaverse must practice superhuman diligence to ensure that workers can determine whether they’re meeting with the CEO or an imposter.
A metaverse filled with bots and AI-assisted avatars
Artificial intelligence’s exponential sophistication and advancement in just the last year alone has opened the field to a wide range of emotions, fears, and hand-wringing. While the technology is sure to yield a range of positive outcomes, the dangerous implications of deepfakes and their destructive potential are beginning to surface.
Though the vast majority of deepfakes have been confined to the internet up until now, the Republican National Committee has given the US a peek at our post-reality landscape with an attack ad against Joe Biden that featured AI-generated images of the President presiding over an apocalyptic America.
As the metaverse becomes more photorealistic and more challenging to discern from physical reality, such instances will make it very difficult for some to tell what’s real from what isn’t. Given that unhinged, seemingly nonsensical internet conspiracy theories have already spilled into the real world with violent, dire consequences, the concerns over what may happen when such content is amplified to an incredibly believable degree are not unfounded.
Just as social media platforms are chock full of botted accounts, fake people, and scammers impersonating other users, the metaverse will likely be filled with AI-assisted avatars that look, sound, and act precisely like celebrities, influencers, and political leaders. These avatars could be used for everything from peddling scams and malware to influencing popular opinion.
The metaverse’s uncertain future
Just as the internet continues changing how we interact with the world and each other, the metaverse signals an upcoming paradigm shift in our relationship with technology. As individuals, we must remain vigilant and take precautions to protect our privacy and security with whatever means are available to us in the face of a bold new online space.
No one would argue that the internet has ever been entirely risk-free, and yet it’s become an inescapable part of our daily lives that most of us have learned to navigate with relative safety. With the proper regulations in place, the metaverse could become similarly secure. Until lawmakers can keep up with the incredible pace of today’s technology, however, the metaverse may be a free-for-all only enjoyed by those with bad intentions.
