JULY 23, 2020 — The COVID-19 pandemic has helped fuel large-scale cyberattacks, some of which exploit insecurities to perform malicious activities on internet-connected devices—the Internet of Things. Now researchers at UTSA have developed a real-time system that is capable of detecting infected IoT devices as soon as they are compromised.
Such devices could be deployed in consumer premises and the nation’s critical infrastructure. During the ongoing pandemic, the researchers saw a surge in attacked smart medical devices, which can threaten the privacy of patient data, their safety and violate federal law that protects privacy of patient health information.
“Smart devices are here to stay—inside our homes, cars and businesses. They are used in water facilities, power utilities and manufacturing plants all over the country. But without ensuring a proactive security plan, malicious cyber actors—including state-sponsored threats—can use such unprotected devices to infiltrate every facet of our lives,” said Elias Bou-Harb, associate director of the Cyber Center for Security and Analytics in the College of Business at UTSA, who along with a team of researchers engineered this first-of-a-kind cybersecurity capability. “We see hundreds and thousands of infected IoT devices that are still in operation here in the U.S. without anyone pinpointing them.”
According to security analysts, network scanning is a very popular method to initiate an attack by getting information about a target. It’s for this reason that the UTSA team used this particular approach to sense information about internet-scale deployed devices.
The researchers captured more than 100 gigabytes per hour of traffic that arrives at a network telescope, an internet-based space that acts as a sinkhole of unsolicited traffic. Using this data, they developed active scanning techniques to understand if, when and how IoT devices are compromised.
Their methodology can also locate the IoT device utilized, including business sector (financial, health, utilities, etc.) and specific IP address as well as device type and brand of that hacked device.
This UTSA cybersecurity capability shows that there is anywhere between a 200% and 400% increase in the overall number of IoT malicious activities from just a month-to-month analysis, both globally and in the U.S.
The researchers have also identified other malicious software, such as botnets, where such infected IoT devices are coordinated by a specific malware to launch orchestrated attacks or coordinated tasks. To achieve this, the researchers analyzed passive network traffic to create profiles of the scanning activities generated by compromised IoT devices. The profiles were next used to build the real-time and dynamic early detection system that estimates malware growth.
The most common identified compromised devices were DVRs, connected cameras and network-attached storage devices. During the start of the COVID-19 pandemic, results indicated a fivefold increase in global IoT exploitations. The analysis also spotted close to 400 health-sector devices that were compromised in which about a quarter were based in the U.S. alone.
While some of the exploitations were mainly associated with well-known IoT malware and botnets (for example, Mirai and Satori), the UTSA team uncovered newly targeted ports to indicate emerging malware and botnets. They were able to compare and analyze two IoT-generated scanning campaigns that also allowed the tracking and evolution of IoT malware and botnets (such as ADB.Miner and Fbot), which can exploit existing—and in some cases new—vulnerabilities.
“In one case we saw a compromised device in an operating room,” said Bou-Harb. “We also saw exploited devices in 46 hospitals and clinics globally and in four health facilities here in the U.S. A patient shouldn’t have to worry about digital safety while getting care, especially these days, during this pandemic.”
In this operational environment and online-service shift expedited by the pandemic, the UTSA researchers are striving to produce risk analytics that result in actionable intelligence against cyberwarfare that targets hospitals and other critical infrastructure. Currently, it’s believed that nine of 10 IoT devices send unencrypted information across the web.
“The growth in telehealth medicine leveraged with IoT has improved health care access for patients but also raises the risk factor,” said Bou-Harb. “It’s crucial that both companies who rely on these IoT devices and those who manufacture them understand how to balance digital risk with fast health care delivery. We hope that sharing threat information from our cybersecurity capability, the industry will be proactive and protect against these ever-changing exploitations.”
The researchers at the Cyber Center for Security and Analytics have published a few studies based on their developed capabilities, including in the March 2020 edition of IEEE Transactions on Dependable and Security Computing and in the May 2020 edition of IEEE Network Letters.
UTSA Today is produced by University Communications and Marketing, the official news source of The University of Texas at San Antonio. Send your feedback to news@utsa.edu. Keep up-to-date on UTSA news by visiting UTSA Today. Connect with UTSA online at Facebook, Twitter, Youtube and Instagram.
This spring UTSA is hosting a 30-second film festival on TikTok! Your mission? Create a 30-second video that highlights how you relax with Adobe Creative Cloud. This is your chance to take a break from the world around you make something fun. The top three videos will receive prizes that will help you on your creative journey and the top ten winners will receive free Adobe swag!
Virtual EventA lecture series brought to you by Loma de Vida Spa & Wellness and UTSA College for Health, Community and Policy. Dr. Sara Oswalt is the chair of & professor in the Department of Public Health at UTSA. She is also a certified sexuality educator through the American Association of Sexuality Educators, Counselors, & Therapists.
Virtual EventAs part of the annual Campus Race to Zero Waste, the Office of Facilities will provide sensitive document shredding services for our UTSA community. You can bring work-related or personal documents. All we ask is for you to shred away to help recycle!
Parking Lot UTSA Student Union and Ximenes Avenue GaradeIn many courses, faculty broach relevant but difficult topics surrounding race, ethnicity, civil rights, and much more with sensitivity and caring—-but this may be especially difficult in an online classroom. In this session, Dr. Shelley Howell will discuss how faculty can create an inclusive classroom environment digitally to allow for conducive conversations for all parties.
Virtual EventGreat discussions continue this spring with Mary McNaughton-Cassill, Professor of Psychology and Donna Edmondson, University Ombuds. They are providing five 30-minute interactive webinars. Topics include bridge building, stigmas, team building, staying engaged at work and our shared experiences.
Virtual EventThe Black Student Union of UTSA presents a panel discussion on Black women in history and the impact of prominent Black women in the Roadrunner Community.
Virtual EventJoin this workshop to explore how this instructor designed and delivered an exemplary course with an innovative design and a student-centered approach. This workshop is focused on the use of virtual labs and interactive content using interactive tools such as PlayPosit and Softchalk for an enhanced learning experience in large classes (more than 400 students).
Virtual EventThe University of Texas at San Antonio is dedicated to the advancement of knowledge through research and discovery, teaching and learning, community engagement and public service. As an institution of access and excellence, UTSA embraces multicultural traditions and serves as a center for intellectual and creative resources as well as a catalyst for socioeconomic development and the commercialization of intellectual property - for Texas, the nation and the world.
To be a premier public research university, providing access to educational excellence and preparing citizen leaders for the global environment.
We encourage an environment of dialogue and discovery, where integrity, excellence, inclusiveness, respect, collaboration and innovation are fostered.
UTSA is a proud Hispanic Serving Institution (HSI) as designated by the U.S. Department of Education.
The University of Texas at San Antonio, a Hispanic Serving Institution situated in a global city that has been a crossroads of peoples and cultures for centuries, values diversity and inclusion in all aspects of university life. As an institution expressly founded to advance the education of Mexican Americans and other underserved communities, our university is committed to ending generations of discrimination and inequity. UTSA, a premier public research university, fosters academic excellence through a community of dialogue, discovery and innovation that embraces the uniqueness of each voice.