The Promotion of Security Threats through the Metaverse

The decentralized nature of the Metaverse offers criminals unprecedented potential to develop their harmful and malicious activities. However, we focus the work in the following paragraphs on the explanation and exploration of certain specific and often well-known activities, as well as on how their transhipment between virtual spaces imposes unforeseen and dangerous impacts on the stability of virtual spaces and the integrity of users, including the analysis of the countermeasures provided to address these risks and challenges.

1. Social engineering and misinformation as widely used domains in the Metaverse

As part of a digital space, the open and decentralized nature of the Metaverse makes it vulnerable to criminal expertise, which constantly exploits technological innovations to achieve criminal objectives, including destabilization. Social engineering and misinformation manifest as persistent and widely exploited areas to manipulate users into serving criminal objectives instead of their own.

Innovations in phishing and radicalization activities:

The transcendence of virtual spaces has called upon activities already known in the field of cybercrime such as phishing and radicalization as the main disinformation activities. Phishing accounts for the majority of high-risk activities against Metaverse users, with waves of cyberattacks targeting virtual platforms such as the phishing and identity theft cyberattack waves against the gaming platform Decentraland, aimed at exploiting the ignorance of minor users, highlighting the urgency of treating these activities as a major risk in this space. This means that we are facing activities of scamming and deception, which use false information to trick users and steal their information (Bhaskar et al., 2023).

Far from financial objectives, virtual spaces provide fertile ground for propaganda and online radicalization marketing. Virtual gatherings, particularly those of teenage gamers on platforms, have become targets for radicals who infiltrate these groups to carry out their activities – influencing the emotions and behaviours of virtual youth – in recruitment and ideological propaganda. The Metaverse thus, alongside the privileges offered to criminals, constitutes a perfect space for radicals to strongly promote the dissemination of their radicalization activities and the amplification of their extreme rhetoric, as confirmed by Procopiou (2022).

2. Infrastructure vulnerabilities

We have already mentioned the weakness and the immature level of the technological infrastructure in Morocco, which is still under development. From our point of view, this imposes more risks and problems to user security and risks undermining confidence in the process of securing data and services in the Metaverse.

DDoS in the Metaverse and the criminal use of decentralized applications:
Platforms in the Metaverse, with their multitude of services and domains, are subject to DDoS attacks, VRChat being the most well-known case in this discussion, where hackers overwhelmed the platform’s servers in 2022, causing disruptions in services and functionality. The financial losses were colossal, and the users, particularly the service providers on this platform, expressed their refusal and dissatisfaction with this disruption of their economic and commercial activities. This shows cybersecurity experts that the Metaverse can also be disrupted or halted if DDoS attacks indeed overload the network. Cybersecurity experts and professionals have not only confirmed the possibility that the Metaverse could be altered due to a DDoS attack; they rather emphasize the need to strengthen cybersecurity measures in the Metaverse to ensure stability and security (Ramadan et al., 2024).

According to the same author, in 2022, a hacker managed to steal 600 million dollars in the form of cryptocurrencies by exploiting vulnerabilities and security flaws in the system of a virtual application (dApp). Called Axie Infinity, the attack means that smart contracts on the platform can also be infiltrated by hackers for fraudulent purposes, but on a large scale. According to the study by Automatique (2024), cybersecurity experts emphasize, based on their analysis of this case, that computer vulnerabilities are also permanent in dematerialized applications, and that regular evaluations and audits are also necessary to remain within the limits of dApps’ resilience and security.

3. Exploitation of avatars and personal data

The risks of identity theft, privacy violations, and manipulation of personal information to achieve criminal objectives, as well as the interest in the Metaverse, are predominant. Especially since hackers are well-versed in using avatars to serve their interests, as well as generating falsified personal information and easily accessing stolen user identities.

Identity theft and data breaches in the virtual world:

The famous platform Second Life suffered a very notable cyberattack in 2021, during which criminal impostors managed to steal thousands of identities and avatars. This operation aimed to steal the virtual assets accumulated by these users during their gaming activities on the platform in question. The hackers proceeded by using stolen credentials, which gave them access to the avatars stored on the platform’s servers, allowing them to make money transfers and conduct illegal financial transactions (Greggwirth, 2024). This confirms that we are facing a situation that requires vigilance regarding user security, as their avatars can be used to undermine the stability and security of the Metaverse.

Moreover, the incidents in the Metaverse that confirm it has become a space of perils and dangers are numerous and diverse, with examples of data breaches also being numerous and confirming that we are facing a space that urgently requires reform in terms of security and resilience measures (Bhaskar et al., 2023). In 2022, a data breach incident occurred against the Somnium Space platform, targeting the use of biometric information and other sensitive data collected during the attack to carry out financial transactions and cryptocurrency transfers on behalf of the original users. That is why Gomez-Quintero (2024) emphasizes what the Metaverse represents as a security challenge that requires continuous review and updating of security, data storage, and encryption measures to prevent identity theft and privacy violations in the Metaverse.

4. Examples of technological countermeasures

The spread of risks and threats against the security and stability of services and assets in the Metaverse, including user integrity, requires not only vigilance but also the renewal and updating of protection and monitoring systems. Actors of different natures should introduce smart and advanced devices and frameworks to secure interactions in the Metaverse and keep blockchain transactions away from criminal plots.

AI prediction models and the use of blockchains for data integrity:

Virtual casino platforms have succeeded in developing AI-supported predictive models aimed at identifying suspects hiding fraudulent behaviours among system users. Their algorithms have repeatedly succeeded in identifying individuals suspected of money laundering and fraudulent transactions by analyzing transaction histories and user behaviours (Rahaman et al., 2024). The support of AI to improve detection and prevention systems for cybercrime also seems to be an opportunity for cybersecurity experts to tackle emerging threats in the metaverse and also an opportunity for stakeholders in this field to reduce risks and threats (Dash et al., 2022).
Blockchain technologies also offer unprecedented potential to strengthen the position of cybersecurity in this fragile and vulnerable space. The Sandbox platform uses specific processes to strengthen its cybersecurity strategy in the Metaverse; these processes have been effectively used to verify the accuracy of virtual asset ownership and the regularity of personal identity information (World Economic Forum, 2024). In this sense, Alauthma (2024) proposed the idea of using these processes that leverage the potential of blockchains in terms of decentralization and transparency to secure transactions and make them localized and monitored in order to reduce the rate of fraud, manipulation of personal data, and crime generally emerging in virtual spaces.

REFERENCES

Bhaskar, S., Kuna, A., Jayakumar, A., & Lakshmi, D. (2023). A Prelude to Cybersecurity Challenges in the Metaverse. In Advances in digital crime, forensics, and cyber terrorism book series (pp. 149–170). https://doi.org/10.4018/979-8-3693-0220-0.ch008

Procopiou, A. (2022). Ready Player Bad: The Future Rise of Extremism and Terrorism in the Metaverse. IEEE 2nd International Conference on Intelligent Reality. https://doi.org/10.1109/icir55739.2022.00022

Rahaman, M., Bakkireddygari, S. S., Chattopadhyay, S., Gomez, A. L., Arya, V., & Bansal, S. (2024). Infrastructure and Network Security. In Advances in information security, privacy, and ethics book series (pp. 108–144). https://doi.org/10.4018/979-8-3693-3824-7.ch005

Greggwirth. (2024, May 3). Identity theft is being fueled by AI & cyber-attacks – Thomson Reuters Institute. Retrieved from https://www.thomsonreuters.com/en-us/posts/government/identity-theft-drivers/

Dash, B., Ansari, M. F., Sharma, P., & Ali, A. (2022). Threats and Opportunities with AI-based Cyber Security Intrusion Detection: A Review. International Journal of Software Engineering & Applications, 13(5), 13–21. https://doi.org/10.5121/ijsea.2022.13502

The World Economic Forum, Protecting against cyber security threats in the metaverse. (2024, September 10). Retrieved from https://www.weforum.org/stories/2023/06/how-to-protect-against-immersive-cyber-security-threats-in-the-metaverse/