JULY 23, 2020 — The COVID-19 pandemic has helped fuel large-scale cyberattacks, some of which exploit insecurities to perform malicious activities on internet-connected devices—the Internet of Things. Now researchers at UTSA have developed a real-time system that is capable of detecting infected IoT devices as soon as they are compromised.
Such devices could be deployed in consumer premises and the nation’s critical infrastructure. During the ongoing pandemic, the researchers saw a surge in attacked smart medical devices, which can threaten the privacy of patient data, their safety and violate federal law that protects privacy of patient health information.
“Smart devices are here to stay—inside our homes, cars and businesses. They are used in water facilities, power utilities and manufacturing plants all over the country. But without ensuring a proactive security plan, malicious cyber actors—including state-sponsored threats—can use such unprotected devices to infiltrate every facet of our lives,” said Elias Bou-Harb, associate director of the Cyber Center for Security and Analytics in the College of Business at UTSA, who along with a team of researchers engineered this first-of-a-kind cybersecurity capability. “We see hundreds and thousands of infected IoT devices that are still in operation here in the U.S. without anyone pinpointing them.”
According to security analysts, network scanning is a very popular method to initiate an attack by getting information about a target. It’s for this reason that the UTSA team used this particular approach to sense information about internet-scale deployed devices.
The researchers captured more than 100 gigabytes per hour of traffic that arrives at a network telescope, an internet-based space that acts as a sinkhole of unsolicited traffic. Using this data, they developed active scanning techniques to understand if, when and how IoT devices are compromised.
Their methodology can also locate the IoT device utilized, including business sector (financial, health, utilities, etc.) and specific IP address as well as device type and brand of that hacked device.
This UTSA cybersecurity capability shows that there is anywhere between a 200% and 400% increase in the overall number of IoT malicious activities from just a month-to-month analysis, both globally and in the U.S.
The researchers have also identified other malicious software, such as botnets, where such infected IoT devices are coordinated by a specific malware to launch orchestrated attacks or coordinated tasks. To achieve this, the researchers analyzed passive network traffic to create profiles of the scanning activities generated by compromised IoT devices. The profiles were next used to build the real-time and dynamic early detection system that estimates malware growth.
The most common identified compromised devices were DVRs, connected cameras and network-attached storage devices. During the start of the COVID-19 pandemic, results indicated a fivefold increase in global IoT exploitations. The analysis also spotted close to 400 health-sector devices that were compromised in which about a quarter were based in the U.S. alone.
While some of the exploitations were mainly associated with well-known IoT malware and botnets (for example, Mirai and Satori), the UTSA team uncovered newly targeted ports to indicate emerging malware and botnets. They were able to compare and analyze two IoT-generated scanning campaigns that also allowed the tracking and evolution of IoT malware and botnets (such as ADB.Miner and Fbot), which can exploit existing—and in some cases new—vulnerabilities.
“In one case we saw a compromised device in an operating room,” said Bou-Harb. “We also saw exploited devices in 46 hospitals and clinics globally and in four health facilities here in the U.S. A patient shouldn’t have to worry about digital safety while getting care, especially these days, during this pandemic.”
In this operational environment and online-service shift expedited by the pandemic, the UTSA researchers are striving to produce risk analytics that result in actionable intelligence against cyberwarfare that targets hospitals and other critical infrastructure. Currently, it’s believed that nine of 10 IoT devices send unencrypted information across the web.
“The growth in telehealth medicine leveraged with IoT has improved health care access for patients but also raises the risk factor,” said Bou-Harb. “It’s crucial that both companies who rely on these IoT devices and those who manufacture them understand how to balance digital risk with fast health care delivery. We hope that sharing threat information from our cybersecurity capability, the industry will be proactive and protect against these ever-changing exploitations.”
The researchers at the Cyber Center for Security and Analytics have published a few studies based on their developed capabilities, including in the March 2020 edition of IEEE Transactions on Dependable and Security Computing and in the May 2020 edition of IEEE Network Letters.
Part of the University Relations Speakers Series, this panel discussion addresses the impact of Covid19 on the Latino community. Sarah Zenaida Gould, Ph.D., Mexican American Civil Rights Institute; Gabriel R. Sanchez, Ph.D., University of New Mexico; Marie T. More, Ph.D., University of Missouri; and Dr. Rogelio Saenz, Ph.D., professor in the Department of Demography at UTSA will be a part of this panel.Virtual Event
Rosie Castro is an American civil rights activist and educator from San Antonio who has been invovled in prominent groups like the Young Democrats of America, the Mexican American Youth Organization, the Committee for Barrio Betterment and La Raza Unida Party. She is the mother of former presidential candidate Julián Castro and Rep. Joaquín Castro.Virtual Event
In observance of Hispanic Heritage Month, the book for this month will explore issues of Latinx identity, diversity, equity, student success and social justice. Weekly sessions will include guest speakers and virtual discussions. The club will be reading "Redeeming La Raza: Transborder Modernity, Race, Respectability, and Rights" by UTSA professor Dr. Gabriela González.Virtual Event
Organized by faculty and staff from the College for Health, Community and Policy, the third Texas Latino Policy Symposium convenes academics, practitioners and activists from across the state to engage in discussions that examin the need of our Latino population and the impact of COVID-19 in Texas. The goal of this symposium is to formulate policy responses to propose to the Texas legislature that redress the disproportionate lasting impact the pandemic has had on Latino families.Virtual Event
The University of Texas at San Antonio is dedicated to the advancement of knowledge through research and discovery, teaching and learning, community engagement and public service. As an institution of access and excellence, UTSA embraces multicultural traditions and serves as a center for intellectual and creative resources as well as a catalyst for socioeconomic development and the commercialization of intellectual property - for Texas, the nation and the world.
To be a premier public research university, providing access to educational excellence and preparing citizen leaders for the global environment.
We encourage an environment of dialogue and discovery, where integrity, excellence, inclusiveness, respect, collaboration and innovation are fostered.
UTSA is a proud Hispanic Serving Institution (HSI) as designated by the U.S. Department of Education.
The University of Texas at San Antonio, a Hispanic Serving Institution situated in a global city that has been a crossroads of peoples and cultures for centuries, values diversity and inclusion in all aspects of university life. As an institution expressly founded to advance the education of Mexican Americans and other underserved communities, our university is committed to ending generations of discrimination and inequity. UTSA, a premier public research university, fosters academic excellence through a community of dialogue, discovery and innovation that embraces the uniqueness of each voice.