A combination of mature and emerging consumer cyber threats could add to the many challenges enterprise security teams will face in 2023.
Kaspersky researchers, studying how the cyber threat landscape is likely to evolve over the next year, expect threat actors to expand the use of many of their current tactics while exploring new avenues of attack via social media, streaming services and online gaming platforms.
For business administrators, the expansion of brands into the world of the metaverse (the theoretical universal and immersive virtual world of the Internet, facilitated by the use of virtual reality and social media) could open them up to attack. And in the age of remote work and bring your own device (BYOD), any threat to consumers is potentially a business threat, so IT security teams would do well to keep up with trends in this area.
Attacks using current techniques will increase…
The security vendor, for example, expects cybercriminals to continue to take advantage of the post-pandemic surge in consumer interest in online streaming services to try to distribute malware, steal data, and perform other malicious activities.
Many attacks will target people looking for alternative sources to download a legitimate streaming app or a particular episode of a show. Expect to see cybercriminals using highly anticipated titles and streaming service provider names such as Netflix, Hulu and Amazon Prime Video as decoys to trick users into downloading malware or directing them to phishing sites, according to Kaspersky.
Consumers will also face more gaming subscription fraud and scams involving online currencies and artifacts. Attackers will mainly target games that use currencies and allow the sale of in-game items and boosters, as they give threat actors a way to process money obtained from other illegal activities.
In a report released earlier this year, Kount, a fraud protection service owned by Equifax, also identified online currencies as providing a plethora of opportunities for adversaries to launder money and commit payment card fraud. “For example, a fraudster creates a free account for an online multiplayer game, then uses stolen credit cards to fill the account with in-game currency and skins,” Kount researchers noted, adding, “Once the account is loaded, the fraudster sells it on a merchant’s website, for anywhere between several hundred to several thousand dollars.”
Kaspersky expects attackers to also try to exploit a persistent lack of availability of popular game consoles through fake pre-sale offers as well as fraudulent giveaways and discounts at online stores claiming to sell hard-to-find consoles.
…even as threat actors explore new avenues of attack
Meanwhile, the metaverse, online education platforms and certain categories of health-related apps will all become new avenues of attack in 2023, Kaspersky said.
Privacy will become a major concern in the metaverse, Kaspersky predicted. “Because the Metaverse experience is universal and does not obey regional data protection laws, such as GDPR, it could create complex conflicts between regulatory requirements around data breach notification,” said Kaspersky.
Others have also expressed concern about the increased amount of personal information that will be collected in fully immersive environments via VR headsets and their collection of cameras, microphones and motion trackers. Many expect the data to reveal a lot about a user’s location, appearance, and other private information, while allowing attackers to conduct more sophisticated phishing and social engineering scams.
At least some of the attacks in virtual reality and augmented reality environments will involve virtual abuse and sexual assault — such as those involving avatar rape cases, Kaspersky said.
The security vendor pointed to an incident where an avatar associated with a researcher from a non-profit advocacy group was breached on a metaverse platform owned by Meta as an example of the type of problems consumers can increasingly encounter.
Despite tech companies’ efforts to build protection mechanisms into metaverses, “virtual abuse and sexual assault will spread across metaverses,” Kaspersky said. “As there are no specific regulations or moderation rules, this scary trend is expected to follow us into 2023.”
“The metaverse represents an area where threats to consumers will be different from years past,” says Anna Larkina, security expert at Kaspersky. “Malicious fake VR and AR apps, and the privacy risks and potential abuse associated with this new frontier, will pose threats that we haven’t necessarily seen before,” she says.
Certain types of apps — such as those related to meditation or those where a consumer can offer a hint of their current emotional state — could become another new avenue of attack, Larkina says.
“It’s pretty easy to imagine a variety of apps for meditation, where you put in your current state/emotions, and they pick the right course for you,” she explains. “Such data can easily be collected and stored in order to track the user’s condition and suggest suitable meditation practices.” An attacker who gains access to this data could successfully execute phishing and social engineering scams in a very targeted way, she notes.
Attacks targeting consumers should be important to enterprise security teams because attacks against enterprises quite often involve the human factor, Larkina says. “If the system is technically secure enough, you can get inside the system by ‘hacking’ company employees.”