Could the metaverse lead to a spike in cybercrime?

Fortinet, which deals in comprehensive, integrated and automated cyber security solutions, published FortiGuard Lab's cyber threat forecasts for 2023 and beyond. The company's report warns that the success of ransomware attacks as a service is a precursor to cybercrime as a service.

FortiGuard Labs is Fortinet's in-house security research and response team. 

Many additional types of attacks will become available as a service through the dark web and will represent a significant expansion of crime. The report stated that cybercrime as a service is an attractive business model for malicious agents. 

With varying skill levels, hackers can easily use ready-to-use tools without investing time and resources in advance to create their own unique plans of attack.

Education and training in cyber security are crucial

Researchers explain that to defend against these developments, education and training on the subject of cyber security are crucial. The report also said that while many organizations offer basic cybersecurity training programs for employees, they should consider adding new modules that show how to identify new methods such as artificial intelligence-based threats.

Virtual cities and online worlds are the new attack ground that will drive cybercrime, the report emphasizes. They stated that the Metaverse has brought new experiences which are fully integrated into the online world and virtual cities which are among the first to rush into this new version of the Internet, powered by augmented reality technologies. Retailers are even launching digital goods available for purchase in these virtual worlds.

While these new online targets open up a whole world of possibilities, they also open the door to an unprecedented rise in cybercrime in unfamiliar territory. Researchers explained that a private person's avatar is a gateway to sensitive personal information, which makes it a main target for attackers. 

They emphasized that with the rise of virtual work and university studies or even embedded experiences from anywhere that authentication, protection and prevention along with advanced detection and response for endpoints (EDR) are necessary to enable real-time analysis, protection and repair.

Researchers further argue that money laundering is being boosted by automation to create money laundering as a service (LaaS). To promote the growth of cybercrime organizations, the heads of the organizations and partner programs employ money launderers who knowingly or unknowingly are used to launder money. 

Money laundering is usually done through anonymous money transfer services or through using cryptocurrencies to avoid detection.

Also, researchers of the Forescout company and researchers at Verdere Labs examined a long list of different threat trends in preparation for formulating 2023 forecasts. Along with threats and attackers that are becoming more and more sophisticated and constantly threaten businesses and organizations of every size and field, are growing trends such as increasing sophistication of ransom attacks or attacks on infrastructure facilities. 

Why is there a lack of experienced trainers?

A major trend that can't be ignored is the lack of experienced experts in the cybersecurity industry, especially in significant sectors such as healthcare, energy and essential infrastructure.

Researchers say that significant challenges will be securing medical devices, along with defending against state attack groups and ransom attacks on IOT devices and strategic devices.

Sophis, a leading global provider of information security and cyber as a service (RaaS) has also published its cyber threat forecast for 2023. The review describes the rise of the cybercrime-as-a-service model which allows unskilled attackers with limited technological capabilities to gain access to attack tools, and that ransomware attacks are evolving to become more sophisticated. 

With the increase in demand for stolen identification information, ransomware attacks continue to be one of the main threats to organizations.

Cybercrime trade arenas like Genesis allow anyone to buy tools that will cause damage and services for the purpose of distributing them (in the damage as a service model), as well as databases containing stolen usernames, passwords and other personally-sensitive information.

The success of ransomware attacks over the past decade has led to the adoption of the ransomware model as a service that allows even attackers with limited financial resources and tech capabilities to gain access to attack tools and carry out ransom attacks effortlessly.

Sean Gallagher, a senior threat researcher at Sophos, explains that cybercrime is no longer just about selling ransomware, phishing or basic fraud kits. Cybercriminals with advanced tech capabilities now sell any hacker tools and capabilities that were once the exclusive property of the most sophisticated cyber attackers in the world.