Demand for security services in the metaverse is on the up

Cybersecurity | Digital Twin and Metaverses

28th of September 2022

KEYS FACTORS OF THE ANALYSIS

  • 2021 set a new record for global cyberattacks and the adoption of the metaverse is expected to generate a new upturn in this trend.
  • There is a lack of experts to cover all of today's cybersecurity demands, which represents a major business opportunity for companies looking to target the specific field of security in virtual environments.
  • There are three attack vectors that are inherent to cybersecurity in the metaverse: hardware security, digital identity and breaches in crypto platforms and marketplaces.
  • Grungo is the first law firm to have established an advisory branch dedicated to metaverse, with its virtual headquarters located at a plot in Decentraland.

In 2020, during the peak of the Covid-19 crisis, there was a huge increase in cybercrime cases; however, as the metaverse and new virtual reality environments started to expand during the post-pandemic period, this only served to increase the problem, combined with new risks associated with the cyber universe. As part of this analysis, we will identify examples of how this type of attack, inherent to the metaverse, is now taking place and we will see cases of companies that are beginning to form a new innovation ecosystem that has emerged to cover this new demand for virtual network security.

 

2021, A NEW RECORD IN TERMS OF CYBER ATTACKS

Before defining these attacks, specifically, the type of attacks typical of the metaverse and the companies emerging in this new ecosystem, we are going to take a look at the figures published this year by Checkpoint Research (5), which corroborate the continued rise in the problem of cybersecurity experienced during the post-Covid period:

  • In 2021, there was a 50% increase in the total volume of cyberattacks suffered by companies compared to 2020.
  • In Q4 2021, a weekly peak was seen in terms of cyberattacks per organization since records began, with a total of 925 per organization.
  • The Education and Research sector experienced the highest volume of attacks in 2021, with an average of 1,605 attacks per organization per week, up by 75% compared to the figure seen in 2020. In second position came the military and government sector, with 1,136 attacks per week, up by 47% year-on-year. In third position was the telecommunications industry with 1,079 attacks per week, up by 51% year-on-year.
  • Geographically, Africa has seen the highest number of attacks, with an average of 1,582 attacks per week per organization, up by 13% compared to 2020. APAC and Latin America come next in terms of total volume. However, in Europe, although the volume is smaller, the increase compared to 2020 was nothing less than a staggering 68%. A similar figure was registered in the United States, 61%.

MAJOR BUSINESS OPPORTUNITY

However, faced with this exorbitant growth in the number of attacks, public and private organizations continue to warn of a vacuum to be filled in terms of the lack of human resources to respond to this need.

For example, according to European Union estimates, cited by Mundo Hacker Academy (8), by 2022, more than 300,000 cybersecurity jobs in Europe will remain vacant. Furthermore, according to research by the Academy, 37% of current cybersecurity needs would remain uncovered.

Taking into consideration that, based on estimates made by JP Morgan (1), the world market of the metaverse will move a volume of USD 8 billion each year, this provides an idea of the emerging business opportunity to respond to the different associated attack vectors:

  • Malware, hacking and traditional phishing, transferred to virtual environments.
  • Theft of virtual assets (cryptocurrencies, NFTs).
  • Attacks on privacy and digital identity.

EXAMPLES OF CYBERATTACKS IN THE METAVERSE

As part of the new risks linked to the emergence of the metaverse, there are also types of cyberattacks that are unique to virtual environments:

Attacks on hardware itself: to function, the metaverse requires a series of technological equipment, such as VR glasses, which, once connected, run the risk of becoming a new target for cyber attackers.

Research is currently underway to obtain an understanding of how a hacker can gain access to these devices to manipulate them for unlawful purposes.

  • For example: the XR Security Initiative (XRSI) is a global non-profit organization created to promote research on the privacy and security of immersive environments. Much of its work is focused on providing all stakeholders involved in the metaverse value chain with unbiased information on the cyber risks associated with extended reality. Research carried out includes creating proof of concept to demonstrate how a cyber attacker can manipulate a virtual reality platform to readjust the physical limits of the hardware and, by doing so, for example, make a user walk up a flight of stairs or position them in front of a wall. Similarly, an attack could aim to manipulate augmented reality in a scene in such a way that users are maliciously directed towards a busy street or dangerous physical situations, such as unprotected and lonely spaces where they can later be robbed. (9)

Attacks against digital identity and data privacy: in relation to this point is the fact that technological equipment for virtual reality has the capacity to record, store and analyze a massive volume of data on the user's daily activities. Safeguarding the privacy of this information is another critical security aspect in the metaverse. This is where the eternal dilemma rears its head again: security vs user experience.

  • For example: deepfakes. Unlike other online social spaces, where the public profiles of users are distorted, the metaverse can practically create a virtual replica of a person's identity and daily activities. This offers cyber attackers the opportunity to impersonate other people by stealing the virtual identity of another subject or entity. In this regard,

 

BIBLIOGRAPHY

01. JP MORGAN. Opportunities in the metaverse. February 2022 [accessed 20/04/2022]. Available at: https://www.cnbc.com/2022/03/23/the-metaverse-may-bring-new-cyber-risks-heres-what-firms-can-do.html

02. CHECKPOINT RESEARCH. Check Point Research: Cyber Attacks Increased 50% Year over Year. January 10, 2022 [accessed 20/04/2022]. Available at: https://blog.checkpoint.com/2022/01/10/check-point-research-cyber-attacks-increased-50-year-over-year/

03. CHECKPOINT RESEARCH. 18th April – Threat Intelligence Report. April 18, 2022 [accessed 20/04/2022]. Available at: https://research.checkpoint.com/2022/18th-april-threat-intelligence-report/

04. CHECKPOINT RESEARCH. Check Point Research detects Vulnerability in the Rarible NFT Marketplace, Preventing Risk of Account Takeover and Cryptocurrency Theft. April 14, 2022 [accessed 20/04/2022]. Available at: https://research.checkpoint.com/2022/check-point-research-detects-vulnerability-in-the-rarible-nft-marketplace-preventing-risk-of-account-take-over-and-cryptocurrency-theft/

05. CHECKPOINT RESEARCH. Check Point Software’s 2022 Security Report: Global Cyber Pandemic’s Magnitude Revealed. 2022 [accessed 20/04/2022]. Available at: https://pages.checkpoint.com/cyber-security-report-2022.html

06. DETOX TECHNOLOGIES. Security Risks Associated With Metaverse In 2022. 2022 [accessed 22/04/2022]. Available at: https://www.detoxtechnologies.com/security-risks-associated-with-metaverse/

07. CIBERSEGURIDAD PYME. El metaverso demandará más expertos en ciberseguridad. January 05, 2022 [accessed 22/04/2022]. Available at: https://www.ciberseguridadpyme.es/actualidad/metaverso-y-ciberseguridad/

08. XRSI. Research & Standards. 2022 [accessed 22/04/2022]. Available at: https://xrsi.org/research-standards

09. XATAKA. Este Jensen Huang no es real, es virtual: así nos engañó a todos NVIDIA durante 14 segundos con un deepfake espectacular. August 13, 2021 [accessed 22/04/2022]. Available at: https://www.xataka.com/robotica-e-ia/este-jensen-huang-no-real-virtual-asi-nos-engano-a-todos-nvidia-durante-14-segundos-deepfake-espectacular

10. BENEFITS PRO. Cybersecurity in the metaverse is like the Wild West, attorneys warn firms. April 05, 2022 [accessed 22/04/2022]. Available at: https://www.benefitspro.com/2022/04/05/cybersecurity-in-metaverse-like-the-wild-west-attorneys-warn-412-128557/?slreturn=20220325025422

11. FORTUNE. The metaverse gets its first personal injury lawyer. December 13, 2021 [accessed 22/04/2022]. Available at: https://fortune.com/2021/12/13/metaverse-personal-injury-lawyer/