Cyber News Update #57

Few days ago it was published that a hacker was successfully into the network of the train traffic cameras all over Russia.

A user discovered a vulnerability that allows him to penetrate the video surveillance system of Russian Railways. 

According to him, in less than a day, the security teams managed to detect and to close it. 

Information security experts said that now Russian Railways needs to conduct an audit of internal systems to make sure that the attackers who gained access could not go further and make sure they didnt leave anything hidden behind.

In detailed blog post the hacker published an article about how he managed to gain access to the Russian Railways system by exploiting a vulnerability in its perimeter. According to him, the problem was related to non-changed passwords installed by default on MikroTik routers. MikroTik is a latvian telecommunications company that is commonly used by eastern europe and russia.

If we look deeper into this case than this incident shouldnt have happened for two main reasons:

  • Passwords on all network connected devices should be changed frequently according to the organization cyber security policy.
  • Internet exposed devices should be protected by firewalls so users can only connect to it using VPN or other secured connection.
high speed commuter train

However, it is important to note that the fact the organization discovered the attacker and closed the access in less than 24 hours shows it is monitoring its network for cyber security events and was able to contain it quickly.

Whenever you have internet connected device you have to make sure it is protected properly. In addition to firewalls and other means it is also recommended to use proactive measures such as deception technologies and cyber intelligence which can prevent the attackers from successfully executing the attacks.

The European Medicines Agency which is also known as EMA is a decentralised agency responsible for evaluating, monitoring and supervising new medicines introduced to the EU. 

As such, it is accountable for approving any COVID-19 vaccines. 

On 9 December 2020, the EMA released a statement alerting that it had been subject to the cyber-attack.

At the time, it was concluded that only a small number of documents had been accessed, limited to a single IT application as the hackers targeted data relating specifically to the Pfizer COVID-19 vaccine. 

Nevertheless, according to other sources, 

the threat actors accessed Word documents, PDFs, email screenshots, PowerPoint presentations and EMA peer review comments. 

The EMA assured that, despite the breach, its regulatory network is fully operational and that the evaluation and approval of COVID-19 medicines have not been affected by the incident.

This case shows how difficult it can be to trace back the actions of hackers that have been successful, first it was assumed only one server with limited information was accessed but later on evidence that shows more than one server have been hacked appeared.

It is suspected that in this case the hackers tried to change data to influence the credibility of the vaccines. Pfizer new vaccine against covid19 is using innovative technology which is called MRNA,

COVID-19 mRNA vaccines give instructions for our cells to make a harmless piece of what is called the “spike protein.” The spike protein is found on the surface of the virus that causes COVID-19.

In other words its the first time a vaccine that teach the body how to fight a virus is being giving in such large scale.

Many countries like China, Russia, Israel and others developed vaccines that are based on traditional vaccinations and have the interest to make the mRNA vaccines look less credible.

So it might be that the hackers changed data like peer reviews to make the vaccine less credible or maybe to delay its distribution, this attack looks like it might have been nation-state attack and not for profit attack.

Leave a Reply