19 Jan 2023
by Sascha Giese

Cyber risks and the metaverse (Guest blog by SolarWinds)

Guest blog by Sascha Giese, Head Geek™ at SolarWinds #NatSec2023

Let’s talk about cyber risk—in the trendiest cyberspace these days, the metaverse.

The metaverse is a shared virtual space. One of the definitions is a physically persistent virtual space running on top of the internet, including virtual worlds and augmented/mixed reality. It promises to provide a space for people to meet and interact with each other in a way similar to real life. Potentially, it could allow us to stay in another reality where we can communicate, work, play, and, first and foremost, consume. And in fact, this is the intention of the providers of this virtual landscape; to create a locked-down ecosystem where people spend money.

Now, where does the public sector or government fit in?

Remember, the metaverse is also a digital realm, so various use cases exist.

Governments, for example, could use the space to provide virtual city halls. No more queueing to interact with a civil servant to retrieve a document sounds promising. It’s also a potential platform for delivering public services digitally while keeping up human interactions.

Other use cases are training and simulations, all the way up to providing an alternative for armed forces, although this has failed recently. Overall, the potential uses for the metaverse are vast, and it will be up to governments to determine how best to utilize this technology to benefit their citizens.

What are the potential risks?

Because the metaverse is virtual, it’s subject to many of the same cyber risks as other online environments, such as hacking, malware, and phishing. Additionally, the metaverse introduces some unique risks, such as the potential for users to be targeted for cyberattacks based on their virtual activities and experiences. This could include attacks designed to steal virtual assets, such as virtual currency or virtual property, or disrupt the operation of the metaverse itself.

Another significant risk in the metaverse is the potential for user privacy to be violated. Because the metaverse is a virtual environment, users may be less aware of the potential for their personal information to be collected and used without their knowledge or consent. This could include collecting sensitive information, such as users’ locations, browsing habits, and personal preferences, and using it for targeted advertising or other purposes.

In public services, citizens are the users, and there’s a dangerous risk: account takeover or identity theft.

A stolen identity allows loads of “creative” use cases, like opening new accounts in the victim’s name, such as credit card or bank accounts, and using those accounts to make purchases or withdraw money. Applying for loans or other forms of credit using the victim’s personal information and failing to repay those loans can leave the victim with a damaged credit score and potential legal action.

And bad actors could use the victim’s personal information to commit other crimes and illegal activities ranging from fraud to espionage.

This isn’t science fiction at all. A quick screening of infamous marketplaces on the dark web shows countless identities already for sale. The metaverse would be another method of communication, but the same concept and rules apply.

Overall, the risks associated with identity theft are significant and can have severe consequences for the victim. It’s essential for individuals to take steps to protect their personal information and to be vigilant for signs their identity may have been stolen.

Mind the cryptocurrency and NFTs

Last but not least, a virtual space like the metaverse comes with a few concepts which sound abstract at best, like owning virtual territory or art in the form of non-fungible tokens (NFTs). London has an NFT vending machine, and some former politicians also discovered it as a niche.

These virtual goods are paid for with cryptocurrencies. And while money lost through credit card scams gets reimbursed regularly, this isn’t going to happen with Monero or Ethereum. Lost is lost, as there’s rarely a trail to follow.

Connecting the dots highlights risks far beyond account takeovers.

A closed system like the metaverse invites people to stay within their bubbles, and bubbles are prone to propaganda. Considering governments are notoriously slow in adopting technology, we might find ourselves in an uncontrolled vacuum that could have a massive impact on society.

It’s a dangerous place

Overall, the metaverse presents new opportunities and challenges for individuals, organizations, and the public sector. Users need to be aware of the potential risks and take steps to protect themselves and their virtual assets. This could include using strong passwords and avoiding suspicious links, emails, and virtual elements while being careful about the personal information they share in the metaverse.

One thing should be obvious—regular citizens won’t be the first who enter the metaverse. Crime is already there and waiting. For us, it means “shields up.”

In corporate IT, we trained users for many years not to click on every cat pic they find. In the metaverse, this gets much more complex because the cat is three-dimensional, animated, and possibly talks. How dangerously cute!


Vote for your new National Security Committee 2023 representatives

We are pleased to announce that voting is now open for techUK's National Security Committee.

Find out more

National Security Reception

We are delighted to announce that techUK's first National Security Reception will take place on 21 March 2023.

Book now!

 

 

Authors

Sascha Giese

Sascha Giese

Head Geek™, SolarWinds

Giese holds various technical certifications, including being a Cisco Certified Network Associate (CCNA), Cisco Certified Design Associate (CCDA), Microsoft Certified Solutions Associate (MCSA), VMware Technical Sales Professional (VTSP), AWS Certified Cloud Practitioner, and Network Performance Monitor and Server & Application Monitor SolarWinds Certified Professional® (SCP).

He has more than 10 years of technical IT experience, four of which have been as a senior pre-sales engineer at SolarWinds. As a senior pre-sales engineer, Sascha was responsible for product training SolarWinds channel partners and customers, regularly participated in the annual SolarWinds Partner Summit EMEA, and contributed in the company’s professional certification program, SolarWinds Certified Professional.

Read lessmore