Johannesburg, 10 Mar 2022
South African companies such as MTN, which have entered the “metaverse universe”, should be cognisant of a number of novel cyber security risks that may have dire ramifications in the real world.
This is the warning from cyber security companies, who told ITWeb that while the metaverse will inevitably lead to a transformation of the internet from Web 2.0 to Web 3.0, its success hinges on several factors, with security being a key component.
Presenting a keynote address the ITWeb’s Business Intelligence Summit 2022 this week, Anna Collard, SVP of content strategy and evangelist of security firm KnowBe4 Africa, highlighted the vast data and security challenges posed to businesses exploring the metaverse, non-fungible tokens (NFT), crypto as well as the blockchain ecosystem.
According to Collard, while the metaverse is fast being recognised as a multibillion-dollar market ripe for innovation from which various industries can accelerate their offerings, it is also touted as a breeding ground for hackers.
Metaverse and non-fungible token (NFT) platforms, which are often based on the blockchain or distributed ledger technology, open up a world of infinite vulnerabilities to both users and companies, she noted.
These include phishing scams via e-mail, social media or third-party apps; falling for fake marketplaces; hacking of smart contracts; hackers tampering with token metadata; crypto-malware; crypto-jackers or netsplits in blockchains, among others.
Each metaverse has its own set of coins used for paying everything, called metaverse tokens. Other currencies used include including NFTs and crypto-currencies.
Dubbed the next evolution of social connection, a “metaverse” is a virtual reality space where users in different parts of the globe can interact with each other and with virtual beings in a computer-generated environment.
“In Africa, 13% of investment scams in 2021 were crypto scams. Cryptbot, an info-stealer that accesses victims’ crypto-currency wallets and account credentials, was the most prolific malware family in the group, raking in almost half a million dollars in pilfered Bitcoin for thieves,” she explained.
“Another prolific family is QuilClipper, a clipboard stealer, which was ranked the eighth most popular malicious software that targets bitcoin transactions.”
South Africa’s metaverse and NFT market is expected to gain popularity this year, as more local companies dabble with immersive technologies to deliver operational and revenue improvements.
Last month, MTN and advertising and marketing consultancy M&C Saatchi Abel became the first local firms to buy virtual real estate in Africa’s first metaverse, Africarare.
MTN will be building multiple experiences which showcase different parts of their business from around the world.
Responding to a question on how MTN should safeguard the business and its customers in the metaverse, Collard pointed out: “There are different and advanced vulnerabilities coming up as a result of these new technologies. MTN should do a risk assessment first, which is determined by what services they want to offer in the metaverse.
“If they only want to place a billboard for marketing purposes, the threats are low, but if they will transact and sell contracts in this space, then the risks are much higher. So it’s important to sit down and map out the potential risk implications, threats and abuse cases incase things go wrong.”
In February, OpenSea, the world’s largest NFT marketplace, suffered major losses when a cyber-attack robbed investors of $1.7 million.
Carl Wearn, head of risk and resilience, e-crime and cyber investigation at Mimecast UK, points out that theft of metaverse user accounts or biometric data, online racism, discrimination, and bullying behaviour are expected to become part of the challenges experienced by users in the metaverse world.
“New technology always comes with new risks. Each metaverse uses its own economy based on the users and their revenue aspirations. This will give rise to new crypto-currencies, much like the numerous national currencies that already exist.
“In these virtual economies, portability and secure exchange offices are required. The security of this will be a major challenge. We observe a significant increase in the provision of currency exchanges but also determined attempts by threat actors to launder ‘money’ and exploit currency exchanges in this domain,” explains Wearn.
Wearn is of the view that the metaverse, for some countries, will be an unregulated environment, given the transnational characteristics of the current Web and the inherent jurisdictions challenges associated with this domain.
“Local law enforcement agencies may not have the capacity to enforce effectively here and will rely on metaverse owners to ‘police’ this environment,” he continues.
Emad Haffar, head of technical experts for META at Kaspersky, warns of social engineering tactics, similar to those deployed by criminals on dating platforms.
“Having accepted the fact that the metaverse is one of the elements of the future, users of the metaverse should think about the security of digital avatars and possible threats
“Like in dating apps, people in virtual reality may not be who they claim to be, or might not have the best intentions. This can lead to: catfishing schemes, stalking and doxing,” warns Haffar.
Share