A user of the Habr website discovered a vulnerability that allowed him to penetrate the video surveillance system of Russian Railways. According to him, the holding's specialists managed to close it within the day. Information security experts said that Russian Railways now needs to audit its internal systems to make sure that attackers who gained access could not go further.
Specialists at Russian Railways closed the vulnerability that allowed access to the company's video cameras and internal services, according to the blog of one of the Habr users. Earlier, on the morning of January 13, the author of the blog published an article about how he managed to gain access to the Russian Railways system by exploiting a vulnerability in its perimeter. According to him, the problem was related to default passwords on MikroTik routers that had never been changed.
"The vulnerability could allow attackers to block all cameras on the railways in a week, which would cost the holding at least 130 million rubles ($1.8 million), and the restoration of video surveillance would take at least a month," the hacker warned.
Russian Railways was unable to promptly confirm the information about the vulnerability and its elimination, and stressed that illegal access to computer information is a criminal offense.
"After changing the accounts of Russian Railways, it is necessary to check for traces of outsiders in its infrastructure, conduct a large-scale audit of all IT systems, as well as review existing threat detection scenarios," recommended information security expert Alexey Lukatsky.
MikroTik routers, which, according to the author of the blog, are used by Russian Railways, belong to the segment of home and office equipment. Users often leave default passwords on such devices and on video cameras of any manufacturer, and attackers often take advantage of this in automated DDoS attacks.
Russian Railways has had security problems before: in August 2019, the personal data of 703 thousand employees of the state monopoly were publicly available, and in November 2020, the database of the Russian Railways Bonus website "leaked" to the network.