There’s no arguing the metaverse is here to stay.
But on the surface, a crucial aspect seems to be forgotten: safety.
Jaeson Schultz, technical leader at Cisco Talos, believes engineering scams are the most significant threats. These scams include phishing attacks, fake NFT minting sites and criminals impersonating moderators.
Schultz said there is a “promise” criminals are seeing through the metaverse. People use cryptocurrency, and criminals take note, monetizing their attacks efficiently.
Amin Lalji, national cloud security leader at EY Canada, says adding personal information in the metaverse, such as the cryptocurrency you own, is risky.
If a user wanted to acquire digital assets through the metaverse, most platforms would require you to get a crypto wallet, a place to store and use cryptocurrency. As it stands today, all it would take for a criminal to impersonate someone on the metaverse is to gain control of their crypto wallet, Lalji said, as non-sophisticated users likely haven’t added security features to their wallet, such as 2FA (two-factor authentication).
Most wallets have this feature and it’s something users should have activated at all times. It makes accounts more secure since a hacker would need both a password and a secondary authentication code that only the wallet owner has access to.
Schultz also agreed with this factor. “For most, this is their first experience with the metaverse, cryptocurrency wallets and NFTs. This absolutely plays into the hands of cybercriminals that prey on the naiveté of new users in the space, as these new users are more likely to fall for the many social engineering scams.”
A lack of monetization to blame
Part of the criminal nature is tied back to the metaverse not being monitored with rules and regulations ensuring safety. Schultz says security controls are necessary because criminals can do as they please without them. “The ability to monitor activity, identify cybercriminals and restrict criminal activities is essential to making the metaverse a safe place for everyone.”
But there isn’t a big push to change that at this time. Since metaverse is still in its infancy, Schultz said businesses are mainly focusing on developing new features over security. They often don’t realize the importance of security until a breach happens and it’s too late.
But all is not lost. While the metaverse is relatively new, people should remember that we’ve already been through web 2.0, and cybersecurity professionals believe users can learn lessons.
“Systems need to be hardened so they can continue to operate reliably even in the presence of miscreants who intentionally commit abuse,” Schultz said. “As we build out the metaverse, we can bring those lessons that we have learned along with us, and bake in security right from the start.”
Lalji believes distributed blockchain technologies utilize embedded security capabilities, but things like coding errors and backdoor options play a role in high-volume transactions going wrong.
“Some solutions are emerging to allow consensus-based reversal of fraudulent transactions, however, the landscape is fragmented, standards don’t fully exist, and adoption of these technologies is sporadic,” Lalji said.
Both experts say individuals and larger companies can take steps to keep safe.
Lalji says a complete understanding of the security issues and how to mitigate their need to be brought together for all parties to stay safe.
Big companies “will want to anticipate how the experience they create in the metaverse might possibly be abused and account for that,” Schultz’s added. This could include things like seeking the assistance of experts or locking down servers customers use to communicate.
Image credit: Shutterstock