JULY 23, 2020 — The COVID-19 pandemic has helped fuel large-scale cyberattacks, some of which exploit insecurities to perform malicious activities on internet-connected devices—the Internet of Things. Now researchers at UTSA have developed a real-time system that is capable of detecting infected IoT devices as soon as they are compromised.
Such devices could be deployed in consumer premises and the nation’s critical infrastructure. During the ongoing pandemic, the researchers saw a surge in attacked smart medical devices, which can threaten the privacy of patient data, their safety and violate federal law that protects privacy of patient health information.
“Smart devices are here to stay—inside our homes, cars and businesses. They are used in water facilities, power utilities and manufacturing plants all over the country. But without ensuring a proactive security plan, malicious cyber actors—including state-sponsored threats—can use such unprotected devices to infiltrate every facet of our lives,” said Elias Bou-Harb, associate director of the Cyber Center for Security and Analytics in the College of Business at UTSA, who along with a team of researchers engineered this first-of-a-kind cybersecurity capability. “We see hundreds and thousands of infected IoT devices that are still in operation here in the U.S. without anyone pinpointing them.”
According to security analysts, network scanning is a very popular method to initiate an attack by getting information about a target. It’s for this reason that the UTSA team used this particular approach to sense information about internet-scale deployed devices.
The researchers captured more than 100 gigabytes per hour of traffic that arrives at a network telescope, an internet-based space that acts as a sinkhole of unsolicited traffic. Using this data, they developed active scanning techniques to understand if, when and how IoT devices are compromised.
Their methodology can also locate the IoT device utilized, including business sector (financial, health, utilities, etc.) and specific IP address as well as device type and brand of that hacked device.
This UTSA cybersecurity capability shows that there is anywhere between a 200% and 400% increase in the overall number of IoT malicious activities from just a month-to-month analysis, both globally and in the U.S.
The researchers have also identified other malicious software, such as botnets, where such infected IoT devices are coordinated by a specific malware to launch orchestrated attacks or coordinated tasks. To achieve this, the researchers analyzed passive network traffic to create profiles of the scanning activities generated by compromised IoT devices. The profiles were next used to build the real-time and dynamic early detection system that estimates malware growth.
The most common identified compromised devices were DVRs, connected cameras and network-attached storage devices. During the start of the COVID-19 pandemic, results indicated a fivefold increase in global IoT exploitations. The analysis also spotted close to 400 health-sector devices that were compromised in which about a quarter were based in the U.S. alone.
While some of the exploitations were mainly associated with well-known IoT malware and botnets (for example, Mirai and Satori), the UTSA team uncovered newly targeted ports to indicate emerging malware and botnets. They were able to compare and analyze two IoT-generated scanning campaigns that also allowed the tracking and evolution of IoT malware and botnets (such as ADB.Miner and Fbot), which can exploit existing—and in some cases new—vulnerabilities.
“In one case we saw a compromised device in an operating room,” said Bou-Harb. “We also saw exploited devices in 46 hospitals and clinics globally and in four health facilities here in the U.S. A patient shouldn’t have to worry about digital safety while getting care, especially these days, during this pandemic.”
In this operational environment and online-service shift expedited by the pandemic, the UTSA researchers are striving to produce risk analytics that result in actionable intelligence against cyberwarfare that targets hospitals and other critical infrastructure. Currently, it’s believed that nine of 10 IoT devices send unencrypted information across the web.
“The growth in telehealth medicine leveraged with IoT has improved health care access for patients but also raises the risk factor,” said Bou-Harb. “It’s crucial that both companies who rely on these IoT devices and those who manufacture them understand how to balance digital risk with fast health care delivery. We hope that sharing threat information from our cybersecurity capability, the industry will be proactive and protect against these ever-changing exploitations.”
The researchers at the Cyber Center for Security and Analytics have published a few studies based on their developed capabilities, including in the March 2020 edition of IEEE Transactions on Dependable and Security Computing and in the May 2020 edition of IEEE Network Letters.
UTSA Today is produced by University Communications and Marketing, the official news source of The University of Texas at San Antonio. Send your feedback to news@utsa.edu. Keep up-to-date on UTSA news by visiting UTSA Today. Connect with UTSA online at Facebook, Twitter, Youtube and Instagram.
Come and meet your First-Year Experience (FYE) UPM Peer Mentor! As a first-year student at UTSA, you will be meeting with a peer mentor in your Academic Studies area. Your peer mentor is here to support and guide you academically and socially, as you navigate your first year of college. Your UPM Peer Mentor will be emailing you a unique Zoom link to their UPM Meet & Greet!
Virtual EventThe UTSA Zoom license will provision your UTSA email account with a Higher ED Pro Zoom account that comes with multiple features. Join us as we review these features. including best practices, for using this software for education and think about the best way to use it in, for, and with our digital classrooms.
Virtual EventA restorative justice virtual conversation to process thoughts and emotions as our community continues to navigate the impacts of Covid-19.
Virtual EventJoin us for our Spring 2022 virtual get-together where you can meet the Student Success Team, Faculty, and Peer Mentors in the College for Health, Community and Policy (HCaP). This will be a great opportunity to get connected to the HCaP community and meet other HCaP students. Plus, you get to learn about services offered through the new HCaP Student Success Center.
Virtual EventArt of Wellbeing is back for Roadrunner Days. This months focus is on vision board making, set your vision for the semester by creating a visual representation of your goals.
Recreation Wellness Center, 1.806, Main CampusThe UTSA and San Antonio community are invited to join Dr. Charles W. McKinney, Jr., Neville Frierson Bryan Chair of Africana Studies and an Associate Professor of history at Rhodes College in Memphis for UTSA's Annual MLK Day lecture (virtual). The YouTube link for the event is coming soon
Virtual EventJoining Connect UTSA is a way to make a difference and make your voice heard when it comes to issues of transportation on campus. To become a member, 10 hours of community service and 20 “connect credits” are required.
Pecan Room, 2.01.26, Student UnionThe University of Texas at San Antonio is dedicated to the advancement of knowledge through research and discovery, teaching and learning, community engagement and public service. As an institution of access and excellence, UTSA embraces multicultural traditions and serves as a center for intellectual and creative resources as well as a catalyst for socioeconomic development and the commercialization of intellectual property - for Texas, the nation and the world.
To be a premier public research university, providing access to educational excellence and preparing citizen leaders for the global environment.
We encourage an environment of dialogue and discovery, where integrity, excellence, inclusiveness, respect, collaboration and innovation are fostered.
UTSA is a proud Hispanic Serving Institution (HSI) as designated by the U.S. Department of Education.
The University of Texas at San Antonio, a Hispanic Serving Institution situated in a global city that has been a crossroads of peoples and cultures for centuries, values diversity and inclusion in all aspects of university life. As an institution expressly founded to advance the education of Mexican Americans and other underserved communities, our university is committed to ending generations of discrimination and inequity. UTSA, a premier public research university, fosters academic excellence through a community of dialogue, discovery and innovation that embraces the uniqueness of each voice.
