Neal Stephenson coined the term “metaverse” in his 1992 cyberpunk novel Snow Crash. It refers to a virtual world that can be explored using avatars and provides players with a fully immersive experience. Similar worlds can be found in massively multiplayer online role-playing games (MMORPGs) such as Roblox, Minecraft, Fortnite, Second Life, and others today, but none come close to the immersive experience described in Snow Crash.

The modern metaverse is made up of multiple independent and linked virtual spaces. As a result, no single company can build the entire metaverse on its own. An optimistic estimate would put the full-fledged metaverse deployment between five and ten years away. However, we anticipate that the market will see more metaverse-like applications in the next three to five years. Some already exist, such as Decentraland and Crypto Voxels, as well as games like Minecraft and Second Life.

Current metaverse-like applications are primarily aimed at gamers rather than the general public. We anticipate that in the future, daily tasks such as remote work, entertainment, education, and shopping will be performed in next-generation metaverse-like applications.

Many of these applications will naturally coexist in cyberspace, which will eventually merge into a single metaverse as the underlying technology (hardware, software, network infrastructure, and ubiquity) matures. Users will be able to switch between applications and access the metaverse using a variety of hardware in this shared space.

What Are Some Metaverse Threats?

Predicting cyber threats for a product space that does not yet exist and may or may not exist in the form that we envision is difficult. With this in mind, we brainstormed ideas for improving our understanding of the metaverse and identifying threats to the metaverse and within it.

NFTs

The use of non-fungible tokens (NFTs) in the metaverse has received much attention. NFTs are one-of-a-kind, blockchain-stored data units that can be bought and sold. In order to verify digital asset ownership, NFT data can include hashes or links to digital files such as text, photos, videos, and audio. NFTs govern asset ownership but do not store assets, leaving users vulnerable to ransomware and other threats. If the files are encrypted by ransomware, the NFT’s owner will be unable to access them. Worse, if the underlying blockchain is vulnerable to Sybil attacks, the asset could be effectively stolen.

Scammers can also clone an NFT by changing a few bits of data in the ‘protected’ file and selling the same digital asset. As Moxie Marlinspike demonstrated, asset servers can also be manipulated by changing the contents returned from the URL stored in the NFT.

Another security concern is asset transfers. Moving digital assets between metaverse spaces can be costly due to verification and the need to “convert” incompatible assets for use on a technologically different platform. Asset brokers will be used for this, but users may be defrauded by scammers posing as asset brokers.

Virtual trade routes may resemble the Wild West until best practices and rules are established. If it is heavily based on blockchain technology, it will essentially be an unregulated market with no defined government or legal entity to assist in the event of fraud. Existing attacks such as phishing, drive-by downloads, and others may also be more effective as a result of the sense of trust provided by this interactive space.

The Darkverse

The darkverse, like the Dark Web, will be an anonymous space in which malicious users can interact. The simulated physical presence resembles real-world meeting spaces, making it ideal for criminals to use to facilitate their illegal activities. On the other hand, it could be a safe haven for free expression against oppressive entities or governments.

Darkverse worlds could be configured so that they are only accessible if the user is in a specific physical location — this safeguards closed metaverse communities. Law enforcement agencies (LEA) will find it difficult to intercept metaverse data due to location-based and proximity messages.

The darkverse is particularly troubling because serious crimes such as child pornography are already prevalent on the internet. These offenses are poorly defined in legal terms and extremely difficult for law enforcement to enforce in virtual spaces.

Financial Swindle

Because of the high volume of e-commerce transactions in the metaverse, criminals will try to steal money and digital assets. A new digital economy (using Bitcoin, Ethereum, real money, PayPal, e-transfers, and so on) will operate in the metaverse, with exchange rates determined by the free (and possibly deregulated) market. Market manipulators will be looking for this. Income taxes could be avoided by a metaverse-only company that is not subject to any jurisdiction. Metaverse investors may be victims of Ponzi schemes and securities fraud. Intertwined digital currency, digital asset, and fiat money systems, such as the Terra/LUNA cryptocurrencies in 2022, can lead to collapses.

Although digital currencies are excellent for receiving funds, if a user is defrauded or there are transaction issues, the publisher will face complex financial issues, possibly at the regulatory level. If a user is defrauded or robbed, they will have a difficult time getting help, filing complaints, or taking legal action if they use decentralized digital currencies.

We can expect fake recommendations, endorsements, and investments to artificially boost digital asset values in the metaverse. The value of virtual “land,” for example, is highly dependent on perception, which can be influenced by a variety of factors.

Social Engineering

Social engineering refers to a variety of malicious human interactions aimed at duping users into making security mistakes and disclosing sensitive information. When malicious actors have detailed information about their targets, social engineering scams are more successful. Operators in the metaverse can perform precise sentiment analysis using personal information such as eye, body, voice, movement tracking, and so on. This information has been gathered and could be stolen or misused.

Criminals or state actors will seek out vulnerable groups of people who are sensitive to certain topics and then deliver targeted narratives to them in order to influence them. Because combining speech and visuals creates a powerful expression of opinions, the metaverse is ideal for criminal deep fakes (and a tool for manipulation).

Metaverse operators must also be wary of infiltrators who attempt to impersonate official avatars in order to mislead metaverse users. Deep fakes may be unnecessary because an avatar’s assets are easily collected and cloned. If someone impersonates an official avatar skin, they can enter a metaverse space and cause havoc, reflecting poorly on the company being impersonated.

Criminals can also use the metaverse to impersonate doctors and provide patients with false medical advice in exchange for payment. Fake news worlds can be created and used as intelligence-gathering VR honeypots in larger scams, and malicious advertisers can sell trojanized digital products. Because the metaverse transcends physical boundaries, people will be more easily exposed to global con artists, and social engineering crimes will worsen.

Final Thoughts

The metaverse will be the next evolution of augmented, mixed, and virtual reality. It will provide users with a fully immersive experience by utilizing new technologies: the Internet of Experiences. The user will have the impression that they are taking part in real-world events.

The metaverse is an additional internet layer that aims to provide a transparent connection for all devices. Developers, on the other hand, do not appear to be listening to advise from those with decades of experience and designing with security and privacy in mind.

Everything should be done to keep the metaverse from becoming an abusive, dangerous, and criminally infested environment. From the start, developers should incorporate technical and social safeguards. Without these safeguards, the metaverse has the potential to be even more dangerous than the internet: it will be metaworse.