JULY 23, 2020 — The COVID-19 pandemic has helped fuel large-scale cyberattacks, some of which exploit insecurities to perform malicious activities on internet-connected devices—the Internet of Things. Now researchers at UTSA have developed a real-time system that is capable of detecting infected IoT devices as soon as they are compromised.
Such devices could be deployed in consumer premises and the nation’s critical infrastructure. During the ongoing pandemic, the researchers saw a surge in attacked smart medical devices, which can threaten the privacy of patient data, their safety and violate federal law that protects privacy of patient health information.
“Smart devices are here to stay—inside our homes, cars and businesses. They are used in water facilities, power utilities and manufacturing plants all over the country. But without ensuring a proactive security plan, malicious cyber actors—including state-sponsored threats—can use such unprotected devices to infiltrate every facet of our lives,” said Elias Bou-Harb, associate director of the Cyber Center for Security and Analytics in the College of Business at UTSA, who along with a team of researchers engineered this first-of-a-kind cybersecurity capability. “We see hundreds and thousands of infected IoT devices that are still in operation here in the U.S. without anyone pinpointing them.”
According to security analysts, network scanning is a very popular method to initiate an attack by getting information about a target. It’s for this reason that the UTSA team used this particular approach to sense information about internet-scale deployed devices.
The researchers captured more than 100 gigabytes per hour of traffic that arrives at a network telescope, an internet-based space that acts as a sinkhole of unsolicited traffic. Using this data, they developed active scanning techniques to understand if, when and how IoT devices are compromised.
Their methodology can also locate the IoT device utilized, including business sector (financial, health, utilities, etc.) and specific IP address as well as device type and brand of that hacked device.
This UTSA cybersecurity capability shows that there is anywhere between a 200% and 400% increase in the overall number of IoT malicious activities from just a month-to-month analysis, both globally and in the U.S.
The researchers have also identified other malicious software, such as botnets, where such infected IoT devices are coordinated by a specific malware to launch orchestrated attacks or coordinated tasks. To achieve this, the researchers analyzed passive network traffic to create profiles of the scanning activities generated by compromised IoT devices. The profiles were next used to build the real-time and dynamic early detection system that estimates malware growth.
The most common identified compromised devices were DVRs, connected cameras and network-attached storage devices. During the start of the COVID-19 pandemic, results indicated a fivefold increase in global IoT exploitations. The analysis also spotted close to 400 health-sector devices that were compromised in which about a quarter were based in the U.S. alone.
While some of the exploitations were mainly associated with well-known IoT malware and botnets (for example, Mirai and Satori), the UTSA team uncovered newly targeted ports to indicate emerging malware and botnets. They were able to compare and analyze two IoT-generated scanning campaigns that also allowed the tracking and evolution of IoT malware and botnets (such as ADB.Miner and Fbot), which can exploit existing—and in some cases new—vulnerabilities.
“In one case we saw a compromised device in an operating room,” said Bou-Harb. “We also saw exploited devices in 46 hospitals and clinics globally and in four health facilities here in the U.S. A patient shouldn’t have to worry about digital safety while getting care, especially these days, during this pandemic.”
In this operational environment and online-service shift expedited by the pandemic, the UTSA researchers are striving to produce risk analytics that result in actionable intelligence against cyberwarfare that targets hospitals and other critical infrastructure. Currently, it’s believed that nine of 10 IoT devices send unencrypted information across the web.
“The growth in telehealth medicine leveraged with IoT has improved health care access for patients but also raises the risk factor,” said Bou-Harb. “It’s crucial that both companies who rely on these IoT devices and those who manufacture them understand how to balance digital risk with fast health care delivery. We hope that sharing threat information from our cybersecurity capability, the industry will be proactive and protect against these ever-changing exploitations.”
The researchers at the Cyber Center for Security and Analytics have published a few studies based on their developed capabilities, including in the March 2020 edition of IEEE Transactions on Dependable and Security Computing and in the May 2020 edition of IEEE Network Letters.
Come to Bandera Market to celebrate national Hispanic Heritage Month with Hispanic vendors from a variety of countries. Free entry.Bandera Pointe Shopping Center,11627 Bandera Road
The College for Health, Community and Policy at UTSA is proud to present the Dean's Community Lecture Series, a series of events bringing community leaders from San Antonio and beyond to foster the natural leadership abilities of students while discussing critical topics in our community.Virtual Event
A video on Instagram Live (@UTSA_MSCEJ) of Chef Jesse Moreno-Valle from Aramark creating a couple of great dishes: sopa negra (black bean soup) al estilo Costa Rica y güirilas (a crepe style item made with corn and a cheese filling) from Nicaragua.Virtual Event
Visit the library to learn how to make your own Worry Dolls. Pick up a supply packet to make at the library or to take home. Worry dolls (also called trouble dolls; in Spanish, Muñeca quitapena) are small, hand-made dolls that originate from Guatemala.San Antonio Public Library, 9050 Wellwood, San Antonio, Texas 78250
For Hispanic Heritage Month this year we will be reading two books, starting in September with "I, Rigoberta Menchú", an autobiography. The October book will be "Cemetery Boys" by Aiden Thomas. Students who join the RJBC are eligible to receive the book free.Virtual Event
Dueling Tacos are on the menu for Noon Time Helping of Mexican cuisine in San Antonio Public Library's Virtual Kitchen! Celebrate Hispanic Heritage Month in style and discover new taco ideas!Virtual Event
Join the voice and instrument ensembles in this welcome back concert outdoors near the central fountain. Jazz, band, and choral favorites will be performed against the fall sunset--and it is all free!Sombrilla Plaza, Main Campus
The University of Texas at San Antonio is dedicated to the advancement of knowledge through research and discovery, teaching and learning, community engagement and public service. As an institution of access and excellence, UTSA embraces multicultural traditions and serves as a center for intellectual and creative resources as well as a catalyst for socioeconomic development and the commercialization of intellectual property - for Texas, the nation and the world.
To be a premier public research university, providing access to educational excellence and preparing citizen leaders for the global environment.
We encourage an environment of dialogue and discovery, where integrity, excellence, inclusiveness, respect, collaboration and innovation are fostered.
UTSA is a proud Hispanic Serving Institution (HSI) as designated by the U.S. Department of Education.
The University of Texas at San Antonio, a Hispanic Serving Institution situated in a global city that has been a crossroads of peoples and cultures for centuries, values diversity and inclusion in all aspects of university life. As an institution expressly founded to advance the education of Mexican Americans and other underserved communities, our university is committed to ending generations of discrimination and inequity. UTSA, a premier public research university, fosters academic excellence through a community of dialogue, discovery and innovation that embraces the uniqueness of each voice.