Cisco Talos suggests ways to navigate safely in Metaverse

The World Wide Web (Web) is currently undergoing the transition to “Web 3.0”, powered by cryptocurrency, blockchain technology, decentralized applications and file storage. A key part of this transition is the development of a 3D experience known as ‘Metaverse’, a virtual environment where people can shop, play games, spend time with distant friends, attend a concert or even hold a business meeting. This new world offers a wide range of unique challenges and security risks.

Metaverse is the next step in both social media and the internet. To participate in the new world, your identity is directly linked to the cryptocurrency wallet you use. Cisco Talos, one of the world’s largest private threat intelligence teams, has recently investigated the potential cyber threats posed by Metaverse. Since cryptocurrency already has more than 300 million users worldwide, it is no wonder that cybercriminals have now also attacked Metaverse.

“Recent security studies conducted by Cisco Talos have shown that Metaverse is an attractive environment for cybercriminals. Whether cybercriminals use old and well-known techniques (such as phishing) or use other newer methods of Web 3.0 technology (such as blockchain). The arrival of the Metaverse world will further increase the potential for techniques and methods by which cybercriminals can make money,” said Jan Heijdra, Cybersecurity Specialist at Cisco Holland.

Cisco Talos has investigated the threats from the current Web 3.0 landscape and identified several security issues.

ENS domains

The growing popularity of digital currencies has led to increased use of Ethereum Name Service (ENS) domains. An ENS domain is an easy-to-remember name used to find the associated cryptocurrency wallet address. While anyone can look up the contents of a wallet address in the public ledger, it is rarely clear who that wallet belongs to. As a result, there is an increased risk that cybercriminals will use ENS domains to trick unsuspecting users into believing that they are dealing with legitimate organizations.
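A check a user or wallet developer could run on an ENS name before trusting it, as an added example (not code from Cisco Talos or the original article). The names in `KNOWN_NAMES`, the confusables map and the edit-distance threshold of 2 are constructed assumptions.

```python
import unicodedata

# Constructed allow-list: the names this user actually intends to deal with.
KNOWN_NAMES = ["examplebank.eth", "examplemarket.eth"]

# Small illustrative confusables map (digits and Cyrillic letters that render
# like Latin ones); a production check would use the full Unicode table.
CONFUSABLE = {"0": "o", "1": "l", "\u0430": "a", "\u0435": "e", "\u043e": "o",
              "\u0440": "p", "\u0441": "c", "\u0456": "i", "\u0455": "s"}

def skeleton(name):
    """Fold a name to a comparison form: NFKC, lowercase, confusables mapped."""
    folded = unicodedata.normalize("NFKC", name).lower()
    return "".join(CONFUSABLE.get(ch, ch) for ch in folded)

def scripts(name):
    """Unicode scripts used by the letters of the name, e.g. {'LATIN'}."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in name if ch.isalpha()}

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_ens_name(name, known=KNOWN_NAMES):
    """Return (verdict, known name it resembles or None)."""
    if name in known:
        return ("exact", name)
    for good in known:  # same appearance, different characters
        if skeleton(name) == skeleton(good):
            return ("homoglyph-lookalike", good)
    for good in known:  # one or two keystrokes away from a trusted name
        if edit_distance(skeleton(name), skeleton(good)) <= 2:
            return ("typo-lookalike", good)
    if len(scripts(name)) > 1:
        return ("mixed-script", None)
    return ("unknown", None)

if __name__ == "__main__":
    for sample in ["examplebank.eth", "examp1ebank.eth", "ex\u0430mplebank.eth",
                   "exampelbank.eth", "someoneelse.eth"]:
        print(ascii(sample), check_ens_name(sample))
```

An "unknown" verdict only means the name does not resemble anything on the allow-list; it says nothing about who controls the wallet behind it.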

Cloning of wallets

Adapting to a new technology often comes with the threat of social engineering, and Web 3.0 is no exception. The vast majority of security incidents affecting Web 3.0 users are the result of social engineering attacks, such as wallet cloning.

Many cyber attacks can therefore be avoided by following the well-known motto: if anything is too good to be true, it probably is. Through contests and tempting offers, cybercriminals can trick crypto users into sharing their data. Users are thus tricked into entering their seed phrase. The security of a cryptocurrency rests on public-private key cryptography. In the event that a cryptocurrency wallet is lost or destroyed, a user can recover their wallet and all its contents using a 12- to 24-word seed phrase. This is actually their private key. Anyone with knowledge of the seed phrase can clone a cryptocurrency wallet and use it as their own.

“I’m here to help you.”

Another method that attackers use to extract the seed phrase from users is mimicking a customer service representative. If a user has a question, they can post it on Twitter or in the “help” channel on a Discord server. Attackers monitor these channels and contact the user. When the user goes to the associated support form, it will of course ask for the 12-word seed phrase.

Whale wallet scam

In the cryptocurrency world, there are high-profile accounts with a large amount of cryptocurrency or NFTs known as “whales”. According to some estimates, only about 40,000 whales have about 80% of all NFT value, making them an attractive target for cybercriminals. Scammers know that small investors keep an eye on these so-called whale wallets and entice these investors to invest in their own fake projects.

Attackers trick users into giving access to wallets

Sometimes it is necessary to authorize a third party to trade tokens in your cryptocurrency wallet. Applications such as cryptocurrency swaps (e.g. Uniswap) and NFT marketplaces (OpenSea, etc.) usually ask their users for permission to access or change the contents of the user’s cryptocurrency wallet. Once the third-party access is approved, users of the application can exchange tokens or list NFTs for sale without paying additional fees each time. Attackers have found that they can trick a victim into giving others access to the contents of their crypto wallet. The ultimate lesson we are learning here is that losing your seed phrase is not the only way criminals can steal the contents of your crypto wallet.
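What such an authorization looks like in the transaction data a wallet asks the user to sign, as an added example (not code from Cisco Talos or the original article): it decodes the standard `approve(address,uint256)` and `setApprovalForAll(address,bool)` calls and reports who receives access and how much. The spender address and sample transactions are constructed.

```python
APPROVE = "095ea7b3"               # approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1

def describe_calldata(data):
    """Classify transaction calldata (hex string) as an approval or not."""
    raw = (data[2:] if data.startswith("0x") else data).lower()
    selector, args = raw[:8], raw[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return {"kind": "other", "risk": "not-an-approval"}
    try:
        if len(args) != 128:  # exactly two 32-byte ABI words expected
            raise ValueError("unexpected argument length")
        value = int(args[64:128], 16)
    except ValueError:
        return {"kind": "malformed", "risk": "review-manually"}
    spender = "0x" + args[24:64]  # address is the low 20 bytes of word 1
    if selector == SET_APPROVAL_FOR_ALL:
        # Operator rights over every NFT of this collection in the wallet.
        risk = "all-tokens-in-collection" if value else "revoke"
        return {"kind": "setApprovalForAll", "spender": spender, "risk": risk}
    # For ERC-20 the second word is an allowance; for ERC-721 it is a token id.
    if value == 0:
        risk = "revoke"
    elif value == MAX_UINT256:
        risk = "unlimited"
    else:
        risk = "bounded"
    return {"kind": "approve", "spender": spender, "amount": value, "risk": risk}

# Constructed samples: 12 zero bytes of padding + a made-up 20-byte spender.
SPENDER_WORD = "00" * 12 + "ab" * 20
UNLIMITED_APPROVE = "0x" + APPROVE + SPENDER_WORD + "ff" * 32
BOUNDED_APPROVE = "0x" + APPROVE + SPENDER_WORD + format(1000, "064x")
OPERATOR_GRANT = "0x" + SET_APPROVAL_FOR_ALL + SPENDER_WORD + format(1, "064x")

if __name__ == "__main__":
    for tx in (UNLIMITED_APPROVE, BOUNDED_APPROVE, OPERATOR_GRANT):
        print(describe_calldata(tx))
```

An "unlimited" or "all-tokens-in-collection" result for a spender the user does not recognize is the case the paragraph above describes: the approved address can move those assets later without the seed phrase.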

Tips for safe navigation of Metaverse

  • Good security: The simplest advice is often the best, and choosing solid passwords goes a long way toward keeping users secure. Also, use Multifactor Authentication (MFA), use a password manager, segment your networks, log network activity, and examine ENS domains and crypto wallet addresses for cleverly hidden typos. Never click on unsolicited links via social media or email.
  • Protect your seed phrase: Cisco Talos warns that users should always protect their seed phrase, which sometimes comes in the form of a QR code, and never pass it on to anyone. Increasingly, cryptocurrency wallets are being used to identify and personalize Metaverse content, so if you lose your seed phrase, you will lose control of your digital identity and personal belongings.
  • Think about using a hardware wallet: The most robust security systems use many different security layers. Using a hardware wallet adds another level of protection to cryptocurrency or NFT assets, as you need to insert something into your device, enter a PIN, and approve or reject transactions using your wallet address.
  • Examine your purchases: Are you considering buying NFTs? Find the smart contract address and see if the source code has been published. Unpublished source code is a bad sign! Find information about the developers of the project; anonymous developers can more easily be scammers.

Web 3.0 will usher in a new era, but with it comes a host of new threats. By following these simple tips from Cisco Talos, users can get the most out of their Web 3.0 experience while being aware of the risks.

About Cisco

Cisco (NASDAQ: CSCO) is the world leader in Internet-powered technology. Cisco opens up new opportunities by reinventing your applications, securing your data, transforming your infrastructure, and enabling your teams to create a global and inclusive future. Find out more at The Network and follow us on Twitter.

This article is a submitted message and is not the responsibility of the editors.
