Threats in the metaverse and artificial intelligence are challenges in cybersecurity

Threats that exploit the metaverse, both evolutions of existing dangers and entirely new ones, and the use of more advanced artificial intelligence systems appear among the future allies of digital criminals.

For this report, companies and specialists were consulted, and a series of documents with industry forecasts was reviewed, to identify the threats expected in the coming months.

There is unanimous agreement that ransomware, which locks information and releases it only when a ransom is paid, will keep its prominent place among the main threats. In addition, care is recommended as the channels that attackers can exploit expand: more devices online with the arrival of 5G, and commercial partners that are less concerned about security.

On the criminals' side, greater collaboration between groups and offers of payment to those who improve the viruses used in attacks demand attention, as they can bring more sophistication to malicious programs. Additionally, advanced artificial intelligence systems can help improve how these threats work.

Ransomware and extortion

Ransomware has become the world’s leading cyberthreat and is set to continue to rise, driven by “ransomware as a service” practices, in which criminals rent out the infrastructure needed for an attack, allowing even laymen to commit crimes. These threats are expected to become more targeted, rather than generalist attacks.

In part, the change in targets is due to possible sanctions applied to those who transfer money to criminal groups. “They could potentially face legal action if they make ransom payments to groups listed on sanctions lists, for example, Russian-based ransomware groups,” says Avast’s prediction text.

These scams are often associated with extortion. Attackers ask for a ransom to release access to systems, but also charge not to leak stolen data. For Fabio Assolini, director of Kaspersky’s research team for Latin America, the sanctions imposed by the General Data Protection Law can boost the practice in Brazil, since undue disclosure of information can generate fines in the millions. Something similar happened in Europe.

The expert also claims that the change could even lead to a pattern in which criminals prioritize the extortion stage, without necessarily blocking access. “The leak is less work for the criminals”, he says.

Metaverse and crypto assets

A study carried out by the cybersecurity company Tenable surveyed 1,500 information security and IT engineering specialists in the US, UK and Australia to map out which threats they consider most likely in metaverse environments:

  • Conventional phishing, malware and ransomware attacks (81%);
  • Impersonation of other people by cloning their voice and other features into avatars (79%);
  • Attacks that place an “invisible person” eavesdropping on a conversation, also called “person in the room” (78%).

Furthermore, in 2022, attacks against cryptocurrency services gained prominence — this type of resource is often linked to metaverse services. In an attack on a network used by the game Axie Infinity, for example, criminals stole more than US$ 620 million (R$ 3.2 billion at current exchange rates).

IoT

Connected devices, the so-called internet of things (IoT), which are expected to become even more numerous with 5G, represent an increase in the so-called “attack surface”: the set of entry points that attackers can exploit to compromise a target.

“The vast majority of IoT devices were not designed with security in mind,” warns Roberto Engler, security lead at IBM Brazil.

Last year, for example, a flaw was discovered in a GPS tracker made by the Chinese company MiCODUS and used by 420,000 customers, including even military fleets. The vulnerability allows complete control of the device, which includes finding out the car’s location, cutting off its fuel and disabling the alarm.

Stolen credentials and partners

In addition to traditional phishing (fake content) used to steal access information for private systems, so-called credential theft has gained sophistication in recent months, and this could be the gateway for hackers to enter companies. An IBM security report released last year already noted an increase in attacks caused by stolen credentials.

Another path explored is to compromise commercial partners that may have access to private systems. Instead of directly breaking into a large company with advanced security protocols, it may be easier for a criminal to gain access by compromising a smaller service provider, for example.

This was the case in the attack on Okta, publicized in March. The company specializes in managing access to other companies’ systems. According to the victim, hackers from the Lapsus$ group reached its systems through a service provider. Stolen credentials, in turn, can open the way to intrusions into customers’ systems.

Artificial intelligence

The use of artificial intelligence in cybersecurity is nothing new. For attackers, it serves as a way to automate the spread of viruses and to frequently modify malicious programs to evade detection. For defense, it helps identify threats.

Advances in the area, however, bring new opportunities. ChatGPT, one of the most advanced language tools in the world, which exploded in popularity in 2022, can be used to help create fake email text, for example. It has also been used by criminals to improve virus programming.

Expert Fabio Assolini, however, adds the caveat that ChatGPT specifically has a disadvantage: it is a snitch. “All searches are registered. And it asks you to create a user, or link your Google, Facebook or Apple account, to access the service.” That is, anyone who tries to use the service for nefarious purposes can be identified.
