The Metaverse version of the dark web could be nearly impenetrable
RSA CONFERENCE 2023 – San Francisco – As The metaverse takes shape In the years to come, many of the security issues affecting cyberspace will spill over into virtual space as well.
One of the biggest of these threats will be the emergence of a new “darkverse,” in which criminals can operate with greater impunity and more dangerously than they previously did on the dark web, two researchers from Trend Micro said at a session of the RSA 2023 conference in San Francisco, April 26 .
The metaverse is a somewhat loose term that describes a virtual space where humans can interact with other individuals and organizations in a computer-generated version of the physical world. Just as massively multiplayer online games allow individuals to create digital avatars of themselves and interact with other players in fantasy worlds, a full-fledged metaverse will allow individuals to shop, work, socialize, and socialize in a virtual recreation of the physical world engage in other activities.
The same phenomenon will occur underground in cybercrime, the researchers warned. Just as the dark web exists in an unindexed deep web, the darkverse will operate in an unindexed “deepverse” that law enforcement will find difficult to penetrate, they noted: the space will become a safe haven for criminal spaces, extremist spaces and suppliers provide child pornography and those who seek to harass others.
Numaan Huq and Philippe Lin, senior threat researchers at Trend Micro, co-authored a report last year on how Security and Privacy Threats will likely emerge in the metaverse and evolve as more people start using it. The threats they identified in the report included enhanced versions of some existing issues, such as social engineering, financial fraud, and privacy risks, as well as some new ones, such as: Risks Associated with NFTscyber-physical threats and more.
A Nearly Impenetrable Darkverse
The threats are far from true, Huq and Linn said in a conversation with Dark Reading before their call. “But the villains are already talking about how to make money in the metaverse,” Lin warns. “If (organizations) just ignore the threat and Don’t invest in trying to address problems If we lose them soon, they could lose even more in the future,” he notes.
Trend Micro itself describes the Metaverse as a “cloud-distributed, immersive, multi-vendor interactive operating environment that users can access across different categories of connected devices.” The Metaverse will leverage Web 2.0 and Web 3.0 technologies to create an interactive layer above the current provide internet. “As proposed, it is an open platform for working and playing in an augmented reality environment, and it will also be a communication layer for smart city devices,” according to Trend Micro.
The Darkverse is a space that will exist within this world and that, like today’s dark web, will provide a safe space for free speech and free speech against oppressive entities and governments. It will be a place for illegal and criminal activity alike, with marketplaces catering to a broad criminal audience.
What will make the Darkverse a significantly more dangerous place is the difficulty law enforcement agencies will have when attempting to infiltrate the criminal activity taking place there, Huq says. He anticipates that criminals will use authentication tokens to control access to their realms in the metaverse. They could make it nearly impossible for defenders to get hold of those tokens by requiring users to be in a specific physical location within a certain amount of time to get a token.
Criminals could also implement location-based and proximity-based restrictions on accessing metaverse spaces. Such measures could make it significantly more difficult for law enforcement agencies to stop these activities compared to sinkholeing a server or blocking URLs, Huq says.
New technologies and protocols bring new threats
The Darkverse will pose a major threat, but not the only one that organizations in the Metaverse will have to contend with. Huq and Lin anticipate that over the next few years, companies will start using the metaverse for various use cases. As an example, Huq points to a critical infrastructure operator that has a… digital twin of an OT or ICS environment. This would allow an engineer working for that company in New York to troubleshoot and troubleshoot support issues at an ICS facility in Arizona, almost as if that technician were physically present at that facility, he says. Likewise, a retailer could set up digital stores where customers can shop in an immersive way as if they were in a physical location.
As such use cases increase, so do the threats. Huq and Lin anticipate that attackers will seek and find ways to infiltrate and poison these environments in order to spy, steal, and harm others. They assume that some of the attacks will target the servers, endpoints, and infrastructure running the Metaverse, while others will target Metaverse-specific items such as the headsets people use to access the virtual world or the objects present in it.
Huq and Lin, like other researchers are also concerned about the massive collection of personal data that will almost inevitably happen as more and more people begin to use the metaverse in their personal and work lives.
“The metaverse will introduce many new technologies in a very short time,” says Huq. Users will constantly need to interact with digital objects from a Facebook metaverse, a Google metaverse, a Microsoft metaverse, and several other metaverses. This means that code must be transported from one environment to another in a very fluid manner. “When you deploy radically new technology, you’re bound to have security issues, whether it’s cyber or procedural.”