![Page 1: Security & The Internet of Things - Virginia Tech Account Compromises • We took action in Jan/Feb to reduce system compromises leading to email spam attacks • Attackers have changed](https://reader031.vdocuments.us/reader031/viewer/2022022013/5b2d4b487f8b9ac56e8bc40f/html5/thumbnails/1.jpg)
Security & The Internet of ThingsRandy Marchany
Virginia Tech IT Security Office and Lab
![Page 2: Security & The Internet of Things - Virginia Tech Account Compromises • We took action in Jan/Feb to reduce system compromises leading to email spam attacks • Attackers have changed](https://reader031.vdocuments.us/reader031/viewer/2022022013/5b2d4b487f8b9ac56e8bc40f/html5/thumbnails/2.jpg)
What? Worry? Me?
• Internet of Things (IoT) is the latest phase in computer technology
• Computers embedded in common devices AND connected to the Internet
• Lab equipment• Cash registers• Building control
• Thermostats, lights, plumbing• Autos, trucks• Everyday devices (TV, toasters, etc.)
![Page 3: Security & The Internet of Things - Virginia Tech Account Compromises • We took action in Jan/Feb to reduce system compromises leading to email spam attacks • Attackers have changed](https://reader031.vdocuments.us/reader031/viewer/2022022013/5b2d4b487f8b9ac56e8bc40f/html5/thumbnails/3.jpg)
Internet of Things (IoT) Examples• https://www.postscapes.com/internet-of-things-
examples• https://www.youtube.com/watch?v=QSIPNhOiMoE• https://www.youtube.com/watch?v=u1ymmRQ_p3k
• IoT is pervasive in the home and the workplace• Need to carefully examine the implications of having
such devices in the workplaces
• Security features are NOT built into IoT
![Page 4: Security & The Internet of Things - Virginia Tech Account Compromises • We took action in Jan/Feb to reduce system compromises leading to email spam attacks • Attackers have changed](https://reader031.vdocuments.us/reader031/viewer/2022022013/5b2d4b487f8b9ac56e8bc40f/html5/thumbnails/4.jpg)
![Page 5: Security & The Internet of Things - Virginia Tech Account Compromises • We took action in Jan/Feb to reduce system compromises leading to email spam attacks • Attackers have changed](https://reader031.vdocuments.us/reader031/viewer/2022022013/5b2d4b487f8b9ac56e8bc40f/html5/thumbnails/5.jpg)
How IoT Got Hacked
• https://www.wired.com/2015/12/2015-the-year-the-internet-of-things-got-hacked/
• https://www.youtube.com/watch?v=Ct3NJWq0LgEHacking the Internet of Things
![Page 6: Security & The Internet of Things - Virginia Tech Account Compromises • We took action in Jan/Feb to reduce system compromises leading to email spam attacks • Attackers have changed](https://reader031.vdocuments.us/reader031/viewer/2022022013/5b2d4b487f8b9ac56e8bc40f/html5/thumbnails/6.jpg)
What have we seen here at VT?
![Page 7: Security & The Internet of Things - Virginia Tech Account Compromises • We took action in Jan/Feb to reduce system compromises leading to email spam attacks • Attackers have changed](https://reader031.vdocuments.us/reader031/viewer/2022022013/5b2d4b487f8b9ac56e8bc40f/html5/thumbnails/7.jpg)
![Page 8: Security & The Internet of Things - Virginia Tech Account Compromises • We took action in Jan/Feb to reduce system compromises leading to email spam attacks • Attackers have changed](https://reader031.vdocuments.us/reader031/viewer/2022022013/5b2d4b487f8b9ac56e8bc40f/html5/thumbnails/8.jpg)
![Page 9: Security & The Internet of Things - Virginia Tech Account Compromises • We took action in Jan/Feb to reduce system compromises leading to email spam attacks • Attackers have changed](https://reader031.vdocuments.us/reader031/viewer/2022022013/5b2d4b487f8b9ac56e8bc40f/html5/thumbnails/9.jpg)
![Page 10: Security & The Internet of Things - Virginia Tech Account Compromises • We took action in Jan/Feb to reduce system compromises leading to email spam attacks • Attackers have changed](https://reader031.vdocuments.us/reader031/viewer/2022022013/5b2d4b487f8b9ac56e8bc40f/html5/thumbnails/10.jpg)
![Page 11: Security & The Internet of Things - Virginia Tech Account Compromises • We took action in Jan/Feb to reduce system compromises leading to email spam attacks • Attackers have changed](https://reader031.vdocuments.us/reader031/viewer/2022022013/5b2d4b487f8b9ac56e8bc40f/html5/thumbnails/11.jpg)
![Page 12: Security & The Internet of Things - Virginia Tech Account Compromises • We took action in Jan/Feb to reduce system compromises leading to email spam attacks • Attackers have changed](https://reader031.vdocuments.us/reader031/viewer/2022022013/5b2d4b487f8b9ac56e8bc40f/html5/thumbnails/12.jpg)
![Page 13: Security & The Internet of Things - Virginia Tech Account Compromises • We took action in Jan/Feb to reduce system compromises leading to email spam attacks • Attackers have changed](https://reader031.vdocuments.us/reader031/viewer/2022022013/5b2d4b487f8b9ac56e8bc40f/html5/thumbnails/13.jpg)
![Page 14: Security & The Internet of Things - Virginia Tech Account Compromises • We took action in Jan/Feb to reduce system compromises leading to email spam attacks • Attackers have changed](https://reader031.vdocuments.us/reader031/viewer/2022022013/5b2d4b487f8b9ac56e8bc40f/html5/thumbnails/14.jpg)
![Page 15: Security & The Internet of Things - Virginia Tech Account Compromises • We took action in Jan/Feb to reduce system compromises leading to email spam attacks • Attackers have changed](https://reader031.vdocuments.us/reader031/viewer/2022022013/5b2d4b487f8b9ac56e8bc40f/html5/thumbnails/15.jpg)
Gmail Account Compromises• We took action in Jan/Feb to reduce system compromises
leading to email spam attacks• Attackers have changed tactics as we have made their job
difficult• Latest trend is compromised Gmail accounts
• Fortunately this doesn’t help them with spam, but it can harm individuals whose accounts are compromised!
Date
Com
prom
ised
acco
unts
![Page 16: Security & The Internet of Things - Virginia Tech Account Compromises • We took action in Jan/Feb to reduce system compromises leading to email spam attacks • Attackers have changed](https://reader031.vdocuments.us/reader031/viewer/2022022013/5b2d4b487f8b9ac56e8bc40f/html5/thumbnails/16.jpg)
Meet a Spammer
![Page 17: Security & The Internet of Things - Virginia Tech Account Compromises • We took action in Jan/Feb to reduce system compromises leading to email spam attacks • Attackers have changed](https://reader031.vdocuments.us/reader031/viewer/2022022013/5b2d4b487f8b9ac56e8bc40f/html5/thumbnails/17.jpg)
![Page 18: Security & The Internet of Things - Virginia Tech Account Compromises • We took action in Jan/Feb to reduce system compromises leading to email spam attacks • Attackers have changed](https://reader031.vdocuments.us/reader031/viewer/2022022013/5b2d4b487f8b9ac56e8bc40f/html5/thumbnails/18.jpg)
![Page 19: Security & The Internet of Things - Virginia Tech Account Compromises • We took action in Jan/Feb to reduce system compromises leading to email spam attacks • Attackers have changed](https://reader031.vdocuments.us/reader031/viewer/2022022013/5b2d4b487f8b9ac56e8bc40f/html5/thumbnails/19.jpg)
![Page 20: Security & The Internet of Things - Virginia Tech Account Compromises • We took action in Jan/Feb to reduce system compromises leading to email spam attacks • Attackers have changed](https://reader031.vdocuments.us/reader031/viewer/2022022013/5b2d4b487f8b9ac56e8bc40f/html5/thumbnails/20.jpg)
![Page 21: Security & The Internet of Things - Virginia Tech Account Compromises • We took action in Jan/Feb to reduce system compromises leading to email spam attacks • Attackers have changed](https://reader031.vdocuments.us/reader031/viewer/2022022013/5b2d4b487f8b9ac56e8bc40f/html5/thumbnails/21.jpg)
![Page 22: Security & The Internet of Things - Virginia Tech Account Compromises • We took action in Jan/Feb to reduce system compromises leading to email spam attacks • Attackers have changed](https://reader031.vdocuments.us/reader031/viewer/2022022013/5b2d4b487f8b9ac56e8bc40f/html5/thumbnails/22.jpg)
![Page 23: Security & The Internet of Things - Virginia Tech Account Compromises • We took action in Jan/Feb to reduce system compromises leading to email spam attacks • Attackers have changed](https://reader031.vdocuments.us/reader031/viewer/2022022013/5b2d4b487f8b9ac56e8bc40f/html5/thumbnails/23.jpg)
![Page 24: Security & The Internet of Things - Virginia Tech Account Compromises • We took action in Jan/Feb to reduce system compromises leading to email spam attacks • Attackers have changed](https://reader031.vdocuments.us/reader031/viewer/2022022013/5b2d4b487f8b9ac56e8bc40f/html5/thumbnails/24.jpg)
Consider IoT Risks• IoT security is negligible • IoT data collection needs to be understood • Data Classification becomes important. Be careful with high
risk data. • This is a great place to start as you work to determine your risk
exposure
Threat
Vulnerability
Asset
Risk
• Asset – something of value to the organization• Threat – possible danger to asset• Vulnerability – weakness that leave asset open to
threat
Risk = threat X vulnerability
![Page 25: Security & The Internet of Things - Virginia Tech Account Compromises • We took action in Jan/Feb to reduce system compromises leading to email spam attacks • Attackers have changed](https://reader031.vdocuments.us/reader031/viewer/2022022013/5b2d4b487f8b9ac56e8bc40f/html5/thumbnails/25.jpg)
So what do we do?
• Identify assets, prioritize, and address risks
• You can’t solve everything at once!
Cartoon courtesy of http://www.hardygroupintl.com/blog/tag/risk-reduction/
![Page 26: Security & The Internet of Things - Virginia Tech Account Compromises • We took action in Jan/Feb to reduce system compromises leading to email spam attacks • Attackers have changed](https://reader031.vdocuments.us/reader031/viewer/2022022013/5b2d4b487f8b9ac56e8bc40f/html5/thumbnails/26.jpg)
![Page 27: Security & The Internet of Things - Virginia Tech Account Compromises • We took action in Jan/Feb to reduce system compromises leading to email spam attacks • Attackers have changed](https://reader031.vdocuments.us/reader031/viewer/2022022013/5b2d4b487f8b9ac56e8bc40f/html5/thumbnails/27.jpg)
Summary
• IoT is pervasive and here to stay• IoT collects large amounts of data• Where is it stored?• Should it be stored there?• Is it protected?
Thanks to David Raymond, Stephen Huff for the use of their slides
![Page 28: Security & The Internet of Things - Virginia Tech Account Compromises • We took action in Jan/Feb to reduce system compromises leading to email spam attacks • Attackers have changed](https://reader031.vdocuments.us/reader031/viewer/2022022013/5b2d4b487f8b9ac56e8bc40f/html5/thumbnails/28.jpg)
Contact information
• Randy Marchany, [email protected], 540-231-9523 (direct line), 540-231-1688 (office), Twitter: @randymarchany
• http://security.vt.edu