Security Risks in the Metaverse – com! professional


In the so-called Metaverse or Web 3.0, many things are supposed to be different. What remains: Cyber ​​criminals will also try to do their mischief here. This is shown by analyzes by Cisco’s cybersecurity arm Talos.

The internet as we know it is changing. How sustainable remains to be seen. In any case, the so-called Web 3.0 with blockchain, cryptocurrencies and decentralized data storage will provide the technical basis for the Metaverse, a new virtual 3D space for digital encounters and business as well as electronic exchange. More and more users are already experimenting with NFTs (Non Fungible Tokens) or cryptocurrencies.

While the forthcoming upheaval will be significant, one thing seems certain: the Metaverse will also be teeming with hackers, phishers, and scammers. Cisco Talos, the networking giant’s ICT security arm, has analyzed the specific dangers lurking in Web 3.0 and examined the new virtual space for its weaknesses. Conclusion: The Metaverse brings new technologies, but also old problems.

Web 3.0: Playground for cybercriminals

The fact is: The promises of Web 3.0 also make it interesting for cybercriminals. They use well-known social engineering and phishing techniques. However, completely new attack vectors are also emerging around the metaverse. “Most cybercriminals are financially motivated. The Metaverse provides them with a large and unregulated playground in which to steal their cryptocurrency and NFTs from unsuspecting users – assets that are nearly impossible to recover if stolen,” said Jaeson Schultz, technical leader at Cisco’s Talos Security Intelligence & Research groups in a recent blog post. There he also gives tips on how to better protect yourself in Web 3.0.

In particular, Cisco Talos lists the following security risks:

  • ENS DNS domains for cryptocurrency wallets. The chosen ENS (Ethereum Name Service) name could break anonymity and reveal the identity of the owner of the virtual wallet address. ENS names such as “DebbieSmith.eth” are often seen or found on Twitter profiles, which can determine that person’s credit and lure cybercriminals. 3.8 percent of the .eth addresses found by Talos contained more than $100,000 in Ethereum, while 9 percent of the addresses contained more than $30,000.
  • Social Engineering Attacks, especially via social networks, where users are supposed to be tempted to act thoughtlessly. This works particularly well with new technologies that users are not yet very familiar with. The attacks target, for example, wallet cloning, Metamask support scams and attacks on «whale» accounts with large amounts of cryptocurrencies.
  • Malicious smart contracts. Attackers write their own malware, which resides on the blockchain in the form of malicious smart contract code. Examples include “sleepminting” (faking the origin of NFT) and attackers tricking users into granting access to their wallets without handing over the digital asset.
  • Active attacks on seed phrases (Recovery Word List) and intentional spying on wallet seed phrases.
And the security issues mentioned are likely to be just the beginning. “Cisco Talos anticipates that as Web 3.0 and the Metaverse mature, so will cybercriminal interest. This will increase both the volume of attacks and their sophistication,” summarizes Schultz.

Source: com! professional by www.com-magazin.de.

*The article has been translated based on the content of com! professional by www.com-magazin.de. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!