Thursday, March 23

Kaspersky: Cyberthreats still likely in Metaverse


Metaverses can be useful for end users to play and spend time in virtual spaces but there are still cybersecurity threats such as a possible account takeover, which can lead to identity theft and fraud. — AFP photo

KUCHING: All the complexity in the Metaverse makes many people wonder if there are cybersecurity and privacy implications, but Kaspersky points out that cutting through the hype, most things remain the same.

According to Kaspersky’s Asia Pacific managing director Sandra Lee in a statement, Metaverses can be useful for end users to play and spend time in virtual spaces.

At the same time, businesses can also benefit from the use of the digital spaces.

One of the most obvious options is to improve the training and education experience for employees.

Metaverses and immersive technologies can accelerate corporate e-skills and others.

The Metaverse provides new interactive learning experiences in virtual reality (VR), augmented reality (AR) and mixed reality that enable people to learn faster, retain information better and enjoy the process.

“On the other side, it is often not completely clear what people mean when using the term Metaverse,” Lee highlighted.

“Are they referring to a particular virtual world, like Fortnight, or a VR ecosystem, like Oculus?

“To complicate the matter further, people throw in more buzzwords, like NFT and blockchain. For example, there is a startup that promises a solution to create AI-enabled digital avatars that can be minted and sold as NFTs to be used in the Metaverse – it’s enough to make your head spin.

“All this complexity makes many people wonder if there are cybersecurity and privacy implications. However, cutting through the hype, we can see that most things remain the same.

“We still have the problem of a possible account takeover, which can lead to identity theft and fraud.

“In the same way that adversaries can get access to your personal or corporate correspondence if they hack your email accounts via phishing, malware or credential stuffing, they can also gain access to your personal data stored on your preferred Metaverse platform.

“From a corporate perspective, it still means that a human is the weakest link when it comes to cybersecurity.”

Some things might turn out to be different, and let’s try to imagine where this might go in a few years if the concept persists. One of the promises of Metaverse is interoperability.

“For example, a house you bought on Decentraland and a pair of luxury virtual sneakers from OpenSea would be accessible on all platforms, including the one you use to go to work at your virtual office.

“This creates a single point of failure and puts greater stress on the need to protect your accounts.”

Another problem is that this interoperability can be based on blockchain, such as Ethereum.

This puts more responsibility on the end user to keep their identity and digital property safe as current blockchains, by definition, lack central authority.

“This means if your fancy NFT avatar is stolen, the platform cannot help you, as demonstrated by the high-profile NFT-ape stealing cases.

“Also, tying identity (and access to personal data) to a blockchain wallet, which also stores your money and digital property, means cybercriminals will be more eager to gain access to them.”

Finally, the question of trust in the platform is important.

“Many companies are already using the cloud as their primary infrastructure and have distributed their workforce accordingly, so moving the office to a VR world would be a logical next step (even though the tech still needs to evolve considerably to make the idea of being in VR for eight hours a day appealing).

“Those whose operations involve handling personal data or classified information might want to continue relying on on-premise solutions and not expose the identities of their employees on a blockchain.

“This means that should Metaverse actually become a new paradigm, (which is still an if), the basics of threat mitigation will be the same: protect your accounts by using password managers and 2FA, use a reliable cybersecurity solution to prevent malware and phishing attacks, and educate yourself and your employees on best cybersecurity practices.

“If you already use cryptocurrency, invest in a hardware wallet and please read our cybersecurity tips on how to keep your crypto safe.”

The Metaverse is still far from being a solid reality but when it does become part of daily lives, not every brand will be able to grow in these competitive markets.

Like the people who control them, avatars will have limited time, opportunity and energy to interact with companies.

Brands that hope to thrive in the Metaverse tomorrow need to explore its boundaries and possibilities today and stake their bets before there are no more virtual worlds left to conquer.