Hacker attacks in the metaverse: risks for users and companies

The metaverse is prone to hacker attacks as well as privacy and cybersecurity issues. The Italian company that exploits artificial intelligence applied to cybersecurity, Ermes – Intelligent Web Protection has identified the main forms of cybercrime risk in this new dimension. 

Hacker attacks in the metaverse: main risks for Ermes users 

According to the report by Ermes – Intelligent Web Protection, an Italian company selected by Gartner in the top 100 worldwide companies that exploit artificial intelligence applied to cybersecurity, the metaverse is a combination of technological, social and economic factors, which combined led to an explosion of interest. 

In this new and increasingly attractive scenario, there are risks for users who, still unaware of the new virtual marketplace, should approach it with the due caution. 

Among the possible risks, Ermes identifies the main forms of hacker attacks in the metaverse:

• information theft: users could unknowingly share their sensitive data directly with a hacker, putting their real-life assets at risk;
• identity theft: this is the theft of the user’s avatar that would lead to the hacker being recognized as the true owner, able to perform the relevant malicious actions;
• cryptocurrency theft: users could be robbed of passwords to their crypto and NFT wallets, and keys to access their avatars in the metaverse. 

Hackers in the metaverse: the main risks for Ermes companies 

Companies operating in the metaverse could also be susceptible to hacker attacks, and again, Ermes identifies some main forms of risk as follows:

• FOMO (fear of missing out): some companies, for fear of being left out of the “next big thing,” might feel compelled to enter the virtual marketplace without proper knowledge of the medium and end up in the wrong hands. 
• Compromise of integrity: this is the exposure of one’s own data in the metaverse without considering that it could be equated to any public exposure online. As such, companies could be at risk of data theft.

• Copyright infringement: companies need to prevent possible copyright infringement in the metaverse, as it is not specified who actually owns the content. 

Interest in the metaverse has exploded so much that the total market for 2024 is estimated to be $800 billion. In this regard, Lorenzo Asuni, Chief Marketing Officer of Ermes – Intelligent Web Protection, said: 

“Ermes is keeping a watchful eye on new developments, both technological and social, affecting the metaverse. However, I think it is premature to talk about applicable technical solutions as there is no true unified metaverse yet. What we can do today, is to identify the typical trends of a new technology that could exploit the naivety and lack of attention of users. At the moment, there is no protection other than education and personal best practices. Our research and development team is preemptively looking for concrete tools to secure people’s experience in the metaverse.” 

The example of cybercrime in the metaverse: the deepfake

Few days ago, Prabhu Ram, head of the industry intelligence group at CyberMedia Research reportedly gave an example of cybercrime in the metaverse: deepfakes. 

In short, two avatars, a boss and an employee talk about a multi-million dollar deal in the metaverse and separate. Then they meet again and the boss knows nothing about the previous conversation. 

Deepfakes are that case of hacking whereby one avatar replaces another, with the same appearance.