Trend Micro, one of the world's leading providers of cybersecurity solutions, examines potential cybercriminal threats to the evolving Metaverse in a new research report. In it, the researchers warn, among other things, of a “dark verse” that could quickly become a new space for cybercrime in the metaverse.
Trend Micro researchers anticipate that the Darkverse will resemble a metaversion of the Dark Web, where threat actors can coordinate illegal activities and carry them out with impunity. Underground marketplaces operated in the Darkverse would be impossible for law enforcement to view without the correct authentication tokens. The fact that users can only access a Darkverse world when they are in a specific physical location provides an additional layer of protection for closed criminal communities.
Metaverse plus Darkverse
The Darkverse could be a platform for numerous threats, from financial and e-commerce fraud to NFT theft, ransomware, and more. Additionally, the cyber-physical nature of the Metaverse will open new doors for threat actors.
According to the study, the top five threat scenarios to be expected in the Metaverse in the future are:
NFTs (Non-fungible Tokens) are becoming increasingly popular methods of defining property in the Metaverse and are therefore increasingly targeted by phishing, ransomware, fraud, and other attacks.
- Difficult for law enforcement to enter and monitor, the Darkverse is becoming the preferred location for illegal/criminal activity. In fact, it could be years before the police can operate effectively in it.
- Another form of crime is money laundering using overpriced Metaverse virtual real estate and NFTs.
- Social engineering, propaganda and fake news have profound implications in a cyber-physical world. Criminal and state actors use influential narratives to reach vulnerable and issue-sensitive groups.
- Privacy is redefined. The operators of Metaverse-like rooms get an unprecedented insight into the actions of the users - privacy as we know it no longer exists there.
“The Metaverse is a multi-billion dollar high-tech vision that will define the next internet age. While we don't know exactly how it is evolving, we need to start thinking now about how it can be exploited by threat actors and how we can meaningfully protect our society,” said Udo Schneider, IoT Security Evangelist Europe at Trend Micro. “Given the high cost and legal challenges, law enforcement will struggle to generally monitor the Metaverse for the first few years. The IT security industry must intervene now or risk a new Wild West developing on our digital doorstep.”
Study: Who Will Control a Metaverse?
While we're still a few years away from a full-fledged Metaverse, Metaverse-like rooms will be part of our everyday lives much sooner. Trend Micro's study wants to start a dialogue about what cyber threats to expect and how to counter them.
Questions that the technology industry and society should already be grappling with are:
- How are user activities and statements moderated in the Metaverse? And who is responsible for this?
- How are copyright violations monitored and enforced?
- How do users know if they are interacting with a real person or a bot? Is there a Turing test to verify human identities?
- Is there a way to protect privacy by preventing a few tech giants from dominating the Metaverse?
- How can law enforcement manage the high costs of fighting metaverse crimes at scale and solve jurisdictional challenges?
About Trend Micro As one of the world's leading providers of IT security, Trend Micro helps create a secure world for digital data exchange. With over 30 years of security expertise, global threat research, and constant innovation, Trend Micro offers protection for businesses, government agencies, and consumers. Thanks to our XGen™ security strategy, our solutions benefit from a cross-generational combination of defense techniques optimized for leading-edge environments. Networked threat information enables better and faster protection. Optimized for cloud workloads, endpoints, email, the IIoT and networks, our connected solutions provide centralized visibility across the entire enterprise for faster threat detection and response.