Many companies see the metaverse as a great business opportunity and a source of new ways of working. Security provider Trend Micro, however, warns in a recent research report that cybercriminals could misuse the technology for their own purposes.
Security researchers predict that a kind of darknet structure could emerge there, similar to today’s Internet. The machinations of the cyber gangsters could even take place in protected rooms that can only be reached from a specific physical location and via valid authentication tokens. This would make their underground marketplaces inaccessible to law enforcement agencies. In fact, it could be years before the police can operate effectively in the metaverse.
Sometimes I like to show some TV excerpts during the Cyber Security Awareness training sessions. It helps to boost attention and to show how some things have never changed.
Today is Ukraine's Independence Day. It's also the six-month anniversary of the official launch of Russia's invasion of Ukraine, with no clear end to the aggression in sight. Despite the widespread fears of cyber war at the outset of the invasion, no highly damaging incidents such as crippling attacks on Ukraine's power grid have yet occurred.
As our updated timeline shows, however, the invasion did begin on February 24 with a disturbing assault on Ukraine’s communications capabilities via an attack on satellite provider Viasat, attributed to Russia’s GRU intelligence arm. Since then, a spate of digital disruptions by Russia, and digital defenses by Ukraine and its allies, point to a steady drumbeat of mostly low-level but steady and robust cyber assaults.
Business email compromise (BEC) attacks, where hackers hijack finance-related email threads and trick employees into wiring money to the wrong accounts, have led to losses of tens of billions of dollars over the past several years. These scams are growing more sophisticated, and hackers have developed ways to bypass multi-factor authentication (MFA) on cloud productivity services like Microsoft 365 (formerly Office 365).
A BEC attack recently analyzed by cloud incident response company Mitiga used an adversary-in-the-middle (AitM) phishing attack to bypass Microsoft Office 365 MFA and gain access to a business executive's account. The attacker then added a second authenticator device to the account for persistent access. According to the researchers, the campaign they analyzed is widespread and targets large transactions of up to several million dollars each.
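The persistence step described above (a second authenticator added soon after a sign-in from somewhere new) can be hunted for in identity logs. The following is an added example, not code from Mitiga or from the original article; the event records are constructed and their field names are hypothetical, not the Microsoft 365 audit log schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (documentation IP ranges). Field names are
# hypothetical and simplified; map them to your own identity provider's logs.
EVENTS = [
    {"time": "2022-08-01T08:00:00", "user": "alice@example.com", "type": "signin", "ip": "203.0.113.5"},
    {"time": "2022-08-10T08:05:00", "user": "alice@example.com", "type": "signin", "ip": "203.0.113.5"},
    {"time": "2022-08-15T10:00:00", "user": "alice@example.com", "type": "signin", "ip": "198.51.100.77"},
    {"time": "2022-08-15T10:12:00", "user": "alice@example.com", "type": "mfa_method_added", "ip": "198.51.100.77"},
    {"time": "2022-08-01T09:00:00", "user": "bob@example.com", "type": "signin", "ip": "203.0.113.9"},
    {"time": "2022-08-20T09:30:00", "user": "bob@example.com", "type": "mfa_method_added", "ip": "203.0.113.9"},
    {"time": "2022-08-20T09:00:00", "user": "carol@example.com", "type": "signin", "ip": "192.0.2.44"},
    {"time": "2022-08-20T09:05:00", "user": "carol@example.com", "type": "mfa_method_added", "ip": "192.0.2.44"},
]

def flag_new_authenticators(events, window=timedelta(hours=24)):
    """Return MFA registrations made from an IP the user first used within `window`.

    Accounts with no sign-in history older than `window` are skipped, so
    first-time enrolment of a new user (carol above) is not reported.
    """
    first_seen = defaultdict(dict)  # user -> {ip: time of first sign-in}
    flagged = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        seen = first_seen[ev["user"]]
        if ev["type"] == "signin":
            seen.setdefault(ev["ip"], when)
        elif ev["type"] == "mfa_method_added":
            ip_first = seen.get(ev["ip"])
            # The account has an established baseline from before the window.
            has_history = any(t < when - window for t in seen.values())
            # The registering IP is unknown or only appeared very recently.
            is_new_ip = ip_first is None or when - ip_first <= window
            if has_history and is_new_ip:
                flagged.append((ev["user"], ev["ip"], ev["time"]))
    return flagged

if __name__ == "__main__":
    for user, ip, time in flag_new_authenticators(EVENTS):
        print(f"review: {user} added an authenticator from new IP {ip} at {time}")
```

A hit is a lead for review rather than proof of compromise, since users do enrol devices while travelling; the window is a tuning parameter.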