The metaverse will have its zombies – and yes, they can get you IRL

View all on-demand sessions from the Intelligent Security Summit here.

Many of us have seen this scene in so many zombie movies: a howling horde approaches the outpost in the form of a roaring, crawling pile of plagued flesh. ‘There are too many! Fall back!…” Gunfire, now stuttering and distant. An insane staccato of the frantic flight of the last survivor… Then, finally, silence.

Mēris (Latvian for “plague”), a modified version of the infamous Mirai botnet, released some 250,000 “zombies,” or compromised devices, to the party last summer, and the attack they staged would have put the scene above to shame. According to researchers, the botnet was able to send a whopping 21.8 million requests per second to its victims, causing their overloaded servers to crash in a major Decentralized Denial-of-Service (DDoS) attack.

DDoS attacks are up 37% in 2021, according to a recent report. Botnets consisting of hacked Internet of Things (IoT) devices are a major attack vector. And the truth is, this is just the beginning. Some of the processes unraveling in today’s tech scene could play into the hands of hackers and pave the way for attacks from an entirely new volume.

Ever since Facebook’s parent company changed its name to Meta, entire segments of the tech scene have been abuzz with chatter about the metaverse, a VR/AR-fused fusion of the real and virtual worlds. In practice, at least for now, it means wearing a funny-looking helmet on your head during a business meeting with animated 3D cartoons of your investors.


GamesBeat Summit: Into the Metaverse 3

Join the GamesBeat community online, February 1-2, to examine the findings and emerging trends within the metaverse.

Register here

In concrete terms, this means more connected devices everywhere, both on the company premises and at home. The bare minimum for running your business through the metaverse – i.e. Zoom – only requires two smartphones, but there’s a reason why the conference camera market exploded recently. You want a sharp picture and good sound with your calls, so you get the smart equipment that can do that. Security is also a must, so a few body heat sensors would also come in handy, as well as motion sensors to prevent overcrowding. Couple all that with a data platform to aggregate the sensor feed and build a comprehensive management solution, and you’re in the green.

Transforming an office, manufacturing site, power plant, or other business or industrial facility into a metaverse hub is a very distant prospect for now. However, it’s likely that this would mean bringing in a lot of connected devices. Headsets, which have yet to become ubiquitous; sensor-equipped wearables for better VR/AR control; and wall-mounted sensors must all be part of the picture if we are no longer willing to settle for experiencing the digital world on a regular screen. Even before the inverted dream caught on, the IoT device market was risingand the arrival of the metaverse would only kick the process into high gear.

Now, the bad news. We may want to cool our heads a bit and take a deep breath before embarking on a metaverse-induced IoT shopping spree, as all too often we can’t even properly protect the devices that are already on premise.

Ghosts in the machine

The IoT market has a major security problem. Poor management of connected devices ranks #1 on IT professionals’ list of security vulnerabilities in a recent questionnaire. Rightly so, it seems, because just in the six months from January to June 2021, hackers knew some 1.5 billion IoT devices, a huge increase from 2020. Some of these hacks may be nothing but a harmless prank, but others result in actual data loss and associated costs. And the latter are the ones that companies often prefer to remain silent about, so there is a certain fog of war at play here.

But even for what we know, a successful attack via or targeting a connected device could result in serious damage. It can knock out power grids, shut down assembly lines, or offer the attackers a cozy glimpse into the inner workings of the target through the eyes of hijacked cameras.

Likewise, the proliferation of potentially vulnerable devices likely means we’ll see even more massive botnets in the future. Their ability to take down websites and web services is tricky enough in a world where the SaaS model is becoming dominant in the software market. If your customers need to connect to your server, whether it’s your own or on-cloud, to use your services, an attack that attacks them targets the core of your business.

In addition, botnets can do more than spam connection requests to any target their overlords don’t like. A botnet can spread malware, making it a powerful multiplier in a larger attack. It can extract sensitive data from its army of zombified devices for espionage or blackmail, or as an intelligence-gathering tool for a targeted phishing attempt. There are even more exotic options for smart hackers to try, such as interfering with the power supply in a specific network, which is potentially deadly in harsh winter conditions.

The push for the metaverse, should it ever bear fruit, will not in itself create fertile ground for the emergence of the largest botnet ever, as this trend has long been in the making. However, without the necessary precautions and security protocols in mind, this could be the final nudge that sets off a roaring avalanche – so we’d better get ready now to fight off those hordes of zombies.

Brad Yasar is the founder and CEO of EQIFi.

Data decision makers

Welcome to the VentureBeat community!

DataDecisionMakers is where experts, including the technical people who do data work, can share data-related insights and innovation.

To read about advanced ideas and up-to-date information, best practices and the future of data and data technology, join DataDecisionMakers.

You might even consider contributing an article yourself!

Read more from DataDecisionMakers