JULY 23, 2020 — The COVID-19 pandemic has helped fuel large-scale cyberattacks, some of which exploit insecurities to perform malicious activities on internet-connected devices—the Internet of Things. Now researchers at UTSA have developed a real-time system that is capable of detecting infected IoT devices as soon as they are compromised.
Such devices could be deployed in consumer premises and the nation’s critical infrastructure. During the ongoing pandemic, the researchers saw a surge in attacked smart medical devices, which can threaten the privacy of patient data, their safety and violate federal law that protects privacy of patient health information.
“Smart devices are here to stay—inside our homes, cars and businesses. They are used in water facilities, power utilities and manufacturing plants all over the country. But without ensuring a proactive security plan, malicious cyber actors—including state-sponsored threats—can use such unprotected devices to infiltrate every facet of our lives,” said Elias Bou-Harb, associate director of the Cyber Center for Security and Analytics in the College of Business at UTSA, who along with a team of researchers engineered this first-of-a-kind cybersecurity capability. “We see hundreds and thousands of infected IoT devices that are still in operation here in the U.S. without anyone pinpointing them.”
According to security analysts, network scanning is a very popular method to initiate an attack by getting information about a target. It’s for this reason that the UTSA team used this particular approach to sense information about internet-scale deployed devices.
The researchers captured more than 100 gigabytes per hour of traffic that arrives at a network telescope, an internet-based space that acts as a sinkhole of unsolicited traffic. Using this data, they developed active scanning techniques to understand if, when and how IoT devices are compromised.
Their methodology can also locate the IoT device utilized, including business sector (financial, health, utilities, etc.) and specific IP address as well as device type and brand of that hacked device.
This UTSA cybersecurity capability shows that there is anywhere between a 200% and 400% increase in the overall number of IoT malicious activities from just a month-to-month analysis, both globally and in the U.S.
The researchers have also identified other malicious software, such as botnets, where such infected IoT devices are coordinated by a specific malware to launch orchestrated attacks or coordinated tasks. To achieve this, the researchers analyzed passive network traffic to create profiles of the scanning activities generated by compromised IoT devices. The profiles were next used to build the real-time and dynamic early detection system that estimates malware growth.
The most common identified compromised devices were DVRs, connected cameras and network-attached storage devices. During the start of the COVID-19 pandemic, results indicated a fivefold increase in global IoT exploitations. The analysis also spotted close to 400 health-sector devices that were compromised in which about a quarter were based in the U.S. alone.
While some of the exploitations were mainly associated with well-known IoT malware and botnets (for example, Mirai and Satori), the UTSA team uncovered newly targeted ports to indicate emerging malware and botnets. They were able to compare and analyze two IoT-generated scanning campaigns that also allowed the tracking and evolution of IoT malware and botnets (such as ADB.Miner and Fbot), which can exploit existing—and in some cases new—vulnerabilities.
“In one case we saw a compromised device in an operating room,” said Bou-Harb. “We also saw exploited devices in 46 hospitals and clinics globally and in four health facilities here in the U.S. A patient shouldn’t have to worry about digital safety while getting care, especially these days, during this pandemic.”
In this operational environment and online-service shift expedited by the pandemic, the UTSA researchers are striving to produce risk analytics that result in actionable intelligence against cyberwarfare that targets hospitals and other critical infrastructure. Currently, it’s believed that nine of 10 IoT devices send unencrypted information across the web.
“The growth in telehealth medicine leveraged with IoT has improved health care access for patients but also raises the risk factor,” said Bou-Harb. “It’s crucial that both companies who rely on these IoT devices and those who manufacture them understand how to balance digital risk with fast health care delivery. We hope that sharing threat information from our cybersecurity capability, the industry will be proactive and protect against these ever-changing exploitations.”
The researchers at the Cyber Center for Security and Analytics have published a few studies based on their developed capabilities, including in the March 2020 edition of IEEE Transactions on Dependable and Security Computing and in the May 2020 edition of IEEE Network Letters.
UTSA Today is produced by University Communications and Marketing, the official news source of The University of Texas at San Antonio. Send your feedback to news@utsa.edu. Keep up-to-date on UTSA news by visiting UTSA Today. Connect with UTSA online at Facebook, Twitter, Youtube and Instagram.
Aproduction of the Gudalupe Cultural Arts Center, Rio Bravo showcases the vibrant music and dance traditions of the Texas-Mexico border region. Featuring the Guadalupe Dance Company and Mariachi Azteca de América, the performances will be filmed live both nights, courtesy of UTSA's College of Liberal and Fine Arts.
UTSA Downtown CampusCheer on our Roadrunners as they face Houston Christian University. Featuring a special halftime show with Ballet Folklórico Sol de San Antonio and Mariachi Los Paisanos performing with the Spirit of San Antonio Marching Band.
AlamodomePubMed is an essential database for anyone conducting biomedical or health-related research. This workshop will teach attendees how to navigate this free resource effectively and locate peer-reviewed articles using basic & advanced search features, MeSH subject headings, and Boolean operators.
Virtual EventIn this workshop, we will review the basic concept of metadata and how it can influence digital projects, particularly those that include images like exhibits and mapping. Through the lens of preserving cultural heritage, you will learn about some of the more popular types of metadata schema and participate in a hands-on Dublin Core cataloging exercise.
CEDISH Co-Lab 3.02.38, 3rd Floor, John Peace LibraryMariachi Los Paisanos & Mariachi Juviniles will perform. Free and open to the public.
UTSA Recital HallAre you looking for a job/internship? Connect with over 60+ employers to learn more about their job/internship opportunities. All students and classifications are welcome to attend.
HEB BallroomsJoin UTSA Libraries and Museums to learn more about the publishing discounts available for UTSA researchers. Current agreements include Elsevier, Cambridge University Press, Springer Open, and more. Please bring your questions and feedback for the library as we continue to pursue partnerships with publishers to reduce costs for our researchers.
Virtual EventThe University of Texas at San Antonio is dedicated to the advancement of knowledge through research and discovery, teaching and learning, community engagement and public service. As an institution of access and excellence, UTSA embraces multicultural traditions and serves as a center for intellectual and creative resources as well as a catalyst for socioeconomic development and the commercialization of intellectual property - for Texas, the nation and the world.
To be a premier public research university, providing access to educational excellence and preparing citizen leaders for the global environment.
We encourage an environment of dialogue and discovery, where integrity, excellence, inclusiveness, respect, collaboration and innovation are fostered.
UTSA is a proud Hispanic Serving Institution (HSI) as designated by the U.S. Department of Education .
The University of Texas at San Antonio, a Hispanic Serving Institution situated in a global city that has been a crossroads of peoples and cultures for centuries, values diversity and inclusion in all aspects of university life. As an institution expressly founded to advance the education of Mexican Americans and other underserved communities, our university is committed to promoting access for all. UTSA, a premier public research university, fosters academic excellence through a community of dialogue, discovery and innovation that embraces the uniqueness of each voice.