Kaspersky presented a number of key ideas for what the consumer threat landscape will look like in 2023, and shared a list of potential pitfalls most likely to be used in the coming year. Anna Larkina, Kaspersky's Web Content Analyst; “While certain types of threats, such as phishing, scams, malware, etc., remain unchanged, the traps used by scammers depend on what time of year we are, current issues, developments, etc. varies considerably. This year, shopping and back-to-school seasons, major pop culture events like Grammys and Oscars, movie premieres, new smartphone announcements, popular game release dates, etc. We have seen spikes in cybercrime activities against users over the years. The list could go on as cybercriminals quickly adapt to new social, political, economic and cultural trends and invent new fraud schemes to take advantage of the situation.” commented.
Games and streaming services
“Fraud activities for game subscription services will increase”
Sony's PlayStation Plus service began to compete with Microsoft's subscription service GamePass after its revamp, offering to play (stream) games not only on consoles but also on PC (PS Now) to increase its market share. The larger the number of registered subscribers, the greater the number of scams and account stealing attempts over the sale of game keys. These schemes can take forms very similar to the streaming scams observed over the past few years.
“The supply shortage in game consoles can be exploited”
The supply shortage in next-gen consoles has shown some signs of softening, but with the release of PS VR 2 by Sony, it may come back to the fore in 2023. This virtual reality headset, which requires a PS5 to work, seems to be a convincing reason for many to buy the console. Another factor is expected to be the release of the PRO version consoles, which we have heard rumors since mid-2022 and are expected to trigger the demand to an unmet level. Online store clones selling hard-to-find consoles with fake sales offers, generous “gifts” and “discounts”… All these types of scams are expected to take advantage of console supply shortages.
“In-game virtual coins will be popular with scammers”
Most of today's games have started to monetization outside of sales revenue, for example the use of in-game currencies as well as the sale of in-game items and power-ups. Games involving monetization and micropayments have been the primary targets of cybercriminals as they process money directly, while in-game items and in-game money have also become prime targets for attackers. For example, this summer, cyber thieves stole $2 million worth of items from a hacked game account. Also, scammers can trick their victims into making a bogus in-game deal to get in-game valuables. New plans are expected to emerge in the coming year, focusing on the "resale" or theft of virtual currencies.
“Cybercriminals will benefit from long-awaited games”
This year, we've seen an attacker claim to have leaked a dozen videos from the long-awaited Grant Theft Auto 6. Probably in 2023, we will witness more hacks related to games like Diablo IV, Alan Wake 2 or Stalker 2, which are scheduled to be released later in the year. In addition to possible leaks, we expect an increase in scams targeting these games and the number of Trojans disguised as these games.
“Streaming will continue to be an endless source of income for cybercriminals”
Streaming services bring more and more exclusive content to specific platforms every year. As TV shows increase in number, they are not only a source of entertainment, but also a cultural phenomenon that influences fashion and trends. Considering the busy schedule of movie premieres in 2023, we expect to see increases in the number of Trojans distributed using streaming services like Netflix.
Social Media and Metaverse
“New social media will bring more privacy risks”
We want to believe that we will see a revolutionary event in the world of social networks in the near future. Perhaps this will happen in augmented reality (AR), not virtual reality (VR). Of course, as soon as a trendy new app emerges, risks for its users begin to emerge. Privacy will likely continue to be a major concern, as many startups neglect to structure their apps around privacy-protecting best practices. While this attitude may be trendy and useful, it can lead to the need to compromise personal data on the “new” social media and the risk of cyberbullying to remain high.
“Exploiting the Metaverse”
As we test industrial and administrative applications of this new technology, we are taking our first steps towards virtual reality using metadata for entertainment. Although we've only met a few metaverse platforms so far, that's enough to reveal the risks that future users will face. Because the Metaverse experience is universal and does not comply with regional data protection laws such as GDPR, this can create complex conflicts between the requirements of data breach reporting regulations.
“Virtual harassment and sexual assault cases will spread to metaverses”
Despite efforts to establish a protection mechanism for the metaverses, we have already encountered cases of avatar rape and abuse. As there are no specific editing or moderation rules, this frightening trend is quite likely to follow us into the next year.
“New source of personal data for cybercriminals”
Taking care of your sanity is no longer just a fad or trend, it has become an absolutely necessary activity. Although at some point we have become accustomed to the fact that the Internet knows almost everything about us, we have not yet fully realized that our virtual portrait can be enriched with sensitive data about our psychological state. As the use of mental health apps increases, so does the risk of sensitive data collected by these apps being accidentally leaked or passed on to third parties through a compromised account. Thus, the attacker, familiar with the details of the victim's mental state, is likely to launch a highly accurate social engineering attack. Now imagine that the target we're talking about is a top employee of a company. We are likely to see stories of targeted attacks involving sensitive data on the mental health of company executives. Also, when you add data such as facial expressions and eye movement collected by the sensors in VR headsets, we think that leaking this data could be disastrous.
Be the first to comment