The Promotion of Security Threats through the Metaverse

The decentralized nature of the metaverse offers criminals unprecedented potential to develop their harmful and malicious activities. However, we focus the work in the following paragraphs on the explanation and exploration of certain specific and often well-known activities and how their transshipment between virtual spaces imposes unforeseen and dangerous impacts on the stability of virtual spaces and the integrity of users, including the analysis of countermeasures provided to address these risks and challenges.

1. Social engineering and misinformation as widely used domains in the metaverse

As a part of a digital space, the open and decentralized nature of the metaverse makes vulnerable to cunning criminals, who constantly exploit technological innovations to achieve criminal and destabilization objectives. Social engineering and misinformation manifest as persistent and widely exploited domains to manipulate users into serving criminal objectives instead of personal ones.

Phishing innovations and the radicalization activities:

The transcendence of virtual spaces has called upon activities already known in the field of cybercrime such as phishing and radicalization as the main activity of disinformation. Phishing takes the majority margin when classifying high-risk activities against users in the metaverse, with a wave of phishing attacks and credential theft against the gaming platform Decentraland highlighting the urgency of addressing these activities as a major risk in this space. This means that we are facing activities of scamming and deception, which use false information to deceive users and steal their information (Bhaskar et al., 2023).

Far from financial objectives, virtual spaces constitute fertile ground for propaganda and online radicalization marketing. Virtual gatherings, especially those of teenage gamers on platforms, have become targets for radicals who infiltrate these groups to carry out their activities – to influence the emotions and behaviors of virtual youth – in recruitment and ideological propaganda. The metaverse thus constitutes a perfect space for radicals and strongly promotes the spread of their radicalization activities and the amplification of their extreme rhetoric, as Procopiou confirms (2022).

2. Infrastructure vulnerabilities

We have already referred to the weakness and the immature level of technological infrastructure in Morocco, which is still developing. From our point of view, this imposes more risks and problems to user security and risks undermining confidence in the process of securing data and services in the metaverse.

DDoS in the metaverse and the criminal use of decentralized applications:

The platforms in the metaverse, with their multitude of services and domains, are subject to DDoS attacks, with VRChat being the most well-known case in this discussion, where hackers overwhelmed the platform’s servers in 2022, causing disruptions in services and functionality. The financial losses were colossal, and the users, especially the service providers on this platform, expressed their refusal and dissatisfaction in the face of this disruption to their economic and commercial activities. This shows cybersecurity experts that the metaverse can also be altered or shut down if DDoS attacks effectively overload the network. Experts and professionals in cybersecurity, did not only confirm the possibility of the metaverse being altered due to a DDoS attack; rather, they emphasize the need to strengthen cybersecurity measures in the metaverse to ensure stability and security.

In 2022, a hacker managed to steal 600 million dollars in the form of cryptocurrencies by exploiting vulnerabilities and security gaps in the system of a virtual application (dApp) called Axie Infinity (Rahaman et al., 2024). This means that the smart contracts on the platform can also be infiltrated by hackers for fraudulent purposes, but on a large scale. Cybersecurity experts emphasize, upon studying this situation, that computer vulnerabilities are also permanent in dematerialized applications, and that regular evaluations and audits are also necessary to remain within the limits of resilience and the security of dApps (Aluthman et al., 2024).

3. Exploitations of avatars and personal data

The risks of identity theft, privacy violations, and the manipulation of personal information to achieve criminal objectives and interest in the metaverse are predominant. Especially since hackers are well-versed in the use of avatars to serve their interests, as well as in generating falsified personal information and easily accessing stolen user identities.

Identity theft and data breaches in the virtual world:

The well-known platform Second Life experienced a very notable cyberattack in 2021, during which criminal impersonators managed to steal thousands of identities and avatars. This operation aimed at stealing the virtual assets accumulated by these users during their gaming activities on the platform in question. The hackers proceeded by using stolen credentials, which gave them access to the avatars stored on the platform’s servers, allowing them to finally make money transfers and conduct illegal financial transactions (Greggwirth, 2024). This confirms that we are facing a situation that requires the security vigilance of users whose avatars can be used to harm the stability and security of the metaverse through their names (Bhaskar et al., 2023).

Moreover, the incidents in the metaverse that confirm it has become a space of peril and dangers are numerous and diverse. The examples of data breaches are also numerous and confirm that we are facing a space that urgently requires reform at the level of security and resilience measures. In 2022, a data breach incident occurred against the Somnium Space platform, with the objectives being the use of biometric information and other sensitive data collected during the attack to carry out financial transactions and cryptocurrency transfers in the names of the original users. The fact that the metaverse presents opportunities and benefits does not change our view that it needs continuous review and updating of security, storage, and data encryption measures to prevent identity theft and privacy violations in the metaverse. (Gomez-Quintero et al., 2024).

4. Examples of technological countermeasures

The spread of risks and threats against the security and stability of services and assets in the metaverse, including user integrity, requires not only vigilance but also the renewal and updating of protection and monitoring systems. On the contrary, the actors should introduce smart and advanced devices to secure the metaverse and blockchain interactions.

AI prediction models and the use of blockchains for data integrity:

Virtual casino platforms have succeeded in developing predictive models supported by AI, aimed at identifying suspects hiding fraudulent behavior among system users. Their algorithms have repeatedly managed to identify individuals suspected of money laundering and fraudulent transactions by analyzing transaction histories and user behaviors. (Rahaman et al., 2024). The support of AI to improve detection and prevention systems for cybercrime also seems to be an opportunity for cybersecurity experts to address emerging threats in the metaverse and also an occasion for stakeholders in this field to reduce risks and threats (Dash et al., 2022).

Blockchain technologies at the moment also provide unprecedented potentials to strengthen the position of cybersecurity in this fragile and vulnerable space. The Sandbox platform uses specific processes to strengthen its cybersecurity strategy in the metaverse; these processes have been effectively used to verify the accuracy of virtual asset ownership and the regularity of personal identity information (World Economic Forum, 2024). In this sense, Alauthma et al., (2024) have proposed the idea of using these processes that leverage the potentials of blockchains in decentralization and transparency to secure transactions and make them localized and monitored in order to reduce the rate of fraud, manipulation of personal data, and crime generally emerging in virtual spaces.

REFERENCES

Bhaskar, S., Kuna, A., Jayakumar, A., & Lakshmi, D. (2023). A Prelude to Cybersecurity Challenges in the Metaverse. In Advances in digital crime, forensics, and cyber terrorism book series (pp. 149–170). https://doi.org/10.4018/979-8-3693-0220-0.ch008

Procopiou, A. (2022). Ready Player Bad: The Future Rise of Extremism and Terrorism in the Metaverse. IEEE 2nd International Conference on Intelligent Reality. https://doi.org/10.1109/icir55739.2022.00022

Rahaman, M., Bakkireddygari, S. S., Chattopadhyay, S., Gomez, A. L., Arya, V., & Bansal, S. (2024). Infrastructure and Network Security. In Advances in information security, privacy, and ethics book series (pp. 108–144). https://doi.org/10.4018/979-8-3693-3824-7.ch005

Greggwirth. (2024, May 3). Identity theft is being fueled by AI & cyber-attacks – Thomson Reuters Institute. Retrieved from https://www.thomsonreuters.com/en-us/posts/government/identity-theft-drivers/

Dash, B., Ansari, M. F., Sharma, P., & Ali, A. (2022). Threats and Opportunities with AI-based Cyber Security Intrusion Detection: A Review. International Journal of Software Engineering & Applications, 13(5), 13–21. https://doi.org/10.5121/ijsea.2022.13502

The World Economic Forum, Protecting against cyber security threats in the metaverse. (2024, September 10). Retrieved from https://www.weforum.org/stories/2023/06/how-to-protect-against-immersive-cyber-security-threats-in-the-metaverse/

The Promotion of Security Threats through the Metaverse

Leave a Reply

Leave a Reply Cancel reply