The metaverse is increasingly likely to be the target of cyberattacks that pose a real risk, both to the companies that choose to be active in it and to the users who access it. The growth of the metaverse emphasises the need to address the cybersecurity challenges posed by this new multimedia environment.
The metaverse is estimated to account for a 1 % share of the global economy, reaching $8-13 trillion by 2030, according to investment bank Citi. Precisely because of this growth, the metaverse is increasingly likely to be targeted by cybercriminals.
As explained by the websites Ooda and Lexology, the metaverse refers to a digital universe resulting from multiple technological elements that include virtual reality and augmented reality. The idea is that users can access the metaverse through 3D viewers and have virtual experiences. In fact, it is possible to create realistic avatars, meet other users or perform all those actions that we carry out on the Internet on a single platform, even including things like building real estate or a marketplace.
Therefore, the metaverse requires the concurrent use of many technologies, where augmented reality, cloud technologies and artificial intelligence are combined to become functional. In this universe, there is also the possibility of creating a new economy through cryptocurrencies.
Given the technologies involved, the risk of becoming a victim of cyberattacks in the metaverse is very high. In addition, the simultaneous use of such different technologies, as well as the collection and storage of infinite amounts of both personal and non-personal data, and the use of blockchain, make traditional monitoring and preventing of cyberattacks a complex and demanding task. For instance, there are dozens of cases of counterfeit works or products being sold in the decentralised world.
Although it is assumed that phishing activities may increase significantly with the metaverse, the following are also possible:
- Identity theft: cybercriminals, through information found online and in the metaverse, could partake in user identity theft, for example by stealing avatars.
- Cryptocurrency theft: cybercriminals could take possession of users’ wallets and passwords in the metaverse and carry out criminal actions.
However, the main cybersecurity concern in the metaverse should focus on personal data (as in the real world), which will be cybercriminals’ main target of attack.
Biometric data released by users can be used to take control of devices that enable the transition from virtual reality to augmented reality, as these use the user’s biometric data to enable access within the metaverse.
Companies will need to take precautions to prevent this type of attack, and ensure that their security systems are safe and do not include any vulnerable aspects that can cause serious damage not only to the economy and their reputation, but also to users. However, in this regard, there is still a lack of regulatory regimes that should be put in place as soon as possible to ensure the protection of the metaverse and its users.