Cyberattackers See New Playground in the Metaverse

By Greg Tavarez, TMCnet Editor  |  December 19, 2022

Innovative technologies and their use cases continue to emerge. Two of the latest to become popular buzzwords in teach are the metaverse and the space satellites. But, as consumers and businesses play around with these technologies to gain a better understanding of how they work, Experian predicts that hackers are finding ways to exploit vulnerabilities in those new technologies.

The metaverse brings online experiences to life in a virtual world that offers on-demand immersive experiences, entertainment, community and new ways to connect and collaborate. It also brings new vulnerabilities for hackers to gain access. In the same way that hackers gain access to personal or corporate correspondence when they hack email accounts via phishing, malware or credential stuffing, they also gain access to personal data stored on metaverse platforms.

Also, gear such as VR headsets and AR glasses present additional points of entry for hackers and the probability of a data breach. These devices are constantly gathering information about users’ movements, habits and preferences. They can record what a user looks and sounds like.

A lack of comprehensive regulations regarding data capture and use in the metaverse isn’t helping the situation in the metaverse either. When that data is combined with other PII, it has the potential to deepen the impacts of a hack.

NFTs, the epicenter of the metaverse economy, also pose a risk as cybercriminals sell fake NFTs or gain access to user funds and data through phishing scams. In fact, crypto compliance company Elliptic reported that more than $100 million worth of NFTs were stolen in the past year.

The metaverse is not only a playground for users, it is also a playground for bad actors targeting them.

 As some hackers look to the virtual world, others look up at satellites in space. Society’s increasing reliance on satellite technologies brings a level of cyber risk that hasn’t existed previously. The continuous increase in satellite numbers means there are more targets for cybercriminals to breach, increasing the potential of an attack.

Imagine a tech start-up in the growing private satellite sector operates a constellation of LEO satellites. Its system has an out-of-date security patch that a hacker uncovers and exploits. If the company’s cybersecurity defenses aren’t resilient, that bad actor might hack the company’s satellite fleet and access all data being transmitted to and from the satellites.

The hackers could then jam signals and cripple business operations, making life on the ground challenging for anyone dependent on the organization’s infrastructure and services.

That is why it is essential for governments and companies deploying assets into space to understand the cyber risks their systems present and how those inherent vulnerabilities could potentially be exploited by hackers.

It’s not just with space satellites. That mindset needs to be applied for cybersecurity in its entirety. With IBM (News - Alert) reporting that organizations take 212 days to identify a cyber intrusion and 75 days to contain it, strategies to improve detection and containment need to be shored up.

“The reality is that cyberattacks can’t be prevented 100% of the time, but organizations that can discover and thwart cyberattacks quickly will suffer less damage financially and reputationally,” said Michael Bruemmer, vice president, global data breach resolution at Experian. “We believe there is a shift in mindset needed to focus on resiliency to complement the pursuit for absolute prevention.”




Edited by Erik Linask