A combination of maturing and emerging consumer-facing cyber threats could add to the many challenges that enterprise security teams will need to contend with in 2023.
Researchers at Kaspersky, looking at how the cyber threat landscape will likely evolve over the next year, expect that threat actors will expand use of many of their current tactics while exploring new avenues for attack via social media, streaming services, and online gaming platforms.
For business admins, the expansion of brands into the world of the metaverse (the theoretical universal and immersive virtual world of the Internet, facilitated by the use of virtual reality and social media) could open them up to attack. And in the era of remote work and bring-your-own-device (BYOD), any consumer threat is potentially an enterprise one, so IT security teams would do well to follow the trends in this space.
Attacks Using Current Techniques Will Grow…
Malware, ransomware attacks, and phishing are not the only scourges of the crypto industry, as the Metaverse could become a big target next year, according to cybersecurity experts.
Other many of the attacks will target individuals looking for alternate sources for downloading a legitimate streaming app, or a particular episode of a show. Expect to see cybercriminals use widely anticipated titles and streaming service provider names such as Netflix, Hulu, and Amazon Prime Video as lures to get users to download malware or to direct them to phishing sites.
Consumers will also face more gaming subscription fraud and scams that involve online currencies and artifacts. Attackers will primarily target games that use currencies and allow sale of in-game items and boosters because they give threat actors a way to process money obtained from other illegal activities.
It is also expected that attackers will also try to exploit a continuing shortage in the availability of popular gaming consoles via fake pre-sale offers as well as fraudulent giveaways and discounts from online stores purporting to sell hard-to-find consoles.
…Even as Threat Actors Explore New Attack Avenues
Meanwhile, the metaverse, online education platforms, and certain categories of health-related apps will all become new avenues for attack in 2023, Kaspersky said.
Privacy will emerge as a major concern in the metaverse, Kaspersky predicted. “As the metaverse experience is universal and does not obey regional data protection laws, such as GDPR, this might create complex conflicts between the requirements of the regulations regarding data breach notification,” Kaspersky said.
Others have also expressed concern over the increased amount of personal information that will be collected in fully immersive environments via VR headsets and their collection of cameras, microphones, and motion trackers. Many expect the data will reveal a lot about a user’s location, appearance, and other private information while also enabling attackers to carry out more sophisticated phishing and social engineering scams.
Moreover, despite efforts by technology companies to build protection mechanisms into metaverses, “virtual abuse and sexual assault will spill over into metaverses,” Kaspersky said. “As there are no specific regulation or moderation rules, this scary trend is likely to follow us into 2023.”
“The metaverse represents an area where consumer threats will be different from years past,” says Anna Larkina, a security expert at Kaspersky. “Fake, malicious VR and AR apps, as well as privacy risks and potential abuse associated with this new frontier, will account for threats we haven’t necessarily seen before,” she says.
Attacks targeting consumers should matter to enterprise security teams because attacks on companies quite often involve the human factor, Larkina says. “If the system is technically secure enough, then you can get inside the system by ‘hacking’ employees of the company.