Trend Micro Incorporated, a cybersecurity leader, released a new report warning of a “darkverse” of criminality hidden from law enforcement, which could quickly evolve to fuel a new industry of metaverse-related cybercrime.
The top five metaverse threats outlined in the report are:
- NFTs will be hit by phishing, ransom, fraud and other attacks, which will be increasingly targeted as they become an important metaverse commodity to regulate ownership.
- The darkverse will become the go-to place for conducting illegal/criminal activities because it will be difficult to trace, monitor and infiltrate by law enforcement. In fact, it may be years before the police catch up.
- Money laundering using overpriced metaverse real estate and NFTs will provide a new outlet for criminals to clean cash.
- Social engineering, propaganda and fake news will profoundly impact a cyber-physical world. Influential narratives will be employed by criminals and state actors targeting vulnerable groups who are sensitive to certain topics.
- Privacy will be redefined, as metaverse-like space operators will have unprecedented visibility into user actions – essentially, when using their worlds, there will be zero privacy as we know it.
Bill Malik, vice president of infrastructure strategies for Trend Micro: “The metaverse is a multibillion-dollar hi-tech vision that will define the next internet era. Although we don’t know exactly how it will develop, we need to start thinking about how it will be exploited by threat actors. Given the high costs and jurisdictional challenges, law enforcement will struggle to police the metaverse in general in its early years. The security community must step in or risk a new Wild West to develop on our digital doorstep.”
As imagined by Trend Micro, the darkverse will resemble a metaverse version of the dark web, enabling threat actors to coordinate and carry out illegal activities with impunity.
Underground marketplaces operating in the darkverse would be impossible for police to infiltrate without the correct authentication tokens. Because users can only access a darkverse world if they’re inside a designated physical location, there’s an additional level of protection for closed criminal communities.
This could provide a haven for multiple threats to flourish—from financial fraud and e-commerce scams to NFT theft, ransomware and more. The cyber-physical nature of the metaverse will also open new doors to threat actors.
Cybercriminals might look to compromise the “digital twin” spaces run by critical infrastructure operators for sabotage or extortion of industrial systems. Or they could deploy malware to metaverse users’ full body actuator suits to cause physical harm. Assault of avatars has already been reported on several occasions.
Although a fully-fledged metaverse is still some years away, metaverse-like spaces will be commonplace much sooner. Trend Micro’s report seeks to start an urgent dialogue about what cyber threats to expect and how they could be mitigated.