Cybersecurity a meta threat to Metaverse

With the rise of Metaverse in the region, Bilal Baig, Technical Director, MEA, Trend Micro talks about their recent report on Metaverse – “Metaverse or Metaworse? Cybersecurity Threats Against the Internet of Experiences,” and explores the threats posed to the Metaverse.

In a region known for its early adopters, the Metaverse is fast becoming a hot topic among innovators across the Middle East and North Africa (MENA), regardless of their chosen industry. And governments are doing their part.

The Dubai Metaverse Strategy, for example, is set on establishing the emirate as a global Metaverse hub, attracting specialist companies and generating jobs. Saudi Arabia, meanwhile, will develop XVRS, a digital-twin Metaverse that will evolve in parallel with the kingdom’s US$ 500 billion sustainable smart city project NEOM. And Egypt is in the midst of using the Metaverse to enhance industries from healthcare to real estate.

A recent World Bank report touted socio-economic benefits with a regionwide annual value in the hundreds of billions of dollars. But, as with any other technology adoption, the Metaverse must be built on a foundation of trust and safety. The challenge before us is to ensure this emerging Internet of Experiences will be free from the machinations of threat actors when we are not even sure what it will look like in its eventual form. Trend Micro has devoted thousands of research hours to this issue, and has compiled a report titled “Metaverse or Metaworse? Cybersecurity Threats Against the Internet of Experiences,” which explores the possibilities for exploitation by criminals, fraudsters, and others.

Let us start by noting that almost any traditional cyberattack can have its origins in the Metaverse, as the entire ecosystem is essentially another layer of abstraction for the Internet. But we must also deal with the multitude of Metaverse-specific threats – threats around privacy, and the physical security of virtual buildings. Utilities and other organizations that use IIoT solutions, including digital-twin scenarios, must consider the real-world ramifications of Metaverse attacks, as they could involve anything from theft of intellectual property to health and safety issues.

Then there is the question of financial crime. Just as the Web has the Dark Web, the Metaverse has the Darkverse, which can be a staging area and marketplace for crimes in the real world. Metaverse real estate is greatly influenced by perception and suffers from jurisdictional vagueness, meaning policing it is a problem and even filing complaints can be difficult. Not only can virtual property be used for money laundering, but it opens doors to Ponzi schemes and securities fraud. Even NFTs (non-fungible tokens) are subject to ransomware attacks that deprive the victim of access rather than ownership. And if they reside on a smaller blockchain, NFTs could be susceptible to so-called Sybil attacks, where an attacker hijacks more than half of the blockchain’s peer nodes and gains control of ownership verification.

The report showcases that the possibilities for abuse are as plentiful as those for societal benefit, and cybersecurity companies must work with regulators and private tech and non-tech companies to ensure society gets a Metaverse that is secure. The Metaverse’s future is in our hands, but we must work to lay the right foundations so the building – whatever its eventual shape – can withstand the tremors of criminality that plagued its predecessors.