Thousands of VNC endpoints are found exposed online

August 18, 2022

Over 9,000 VNC (Virtual Network Computing) endpoints were found exposed online, accessible and usable without authentication, which could give malicious actors entry to internal networks. The researchers underlined that unsecured VNC endpoints create an entry point for unauthorised parties, especially cybercriminals waiting for a chance to break into corporate systems.

Several VNC deployments worldwide are used in critical systems that serve communities, such as water treatment facilities and industrial control systems. Once one is compromised, the range of victims affected depends on the system in which the VNC is used.

Security researchers found the exposed internet-facing VNC servers without passwords while conducting web threat scanning.

Based on the analysis, most of the identified unprotected servers were in Sweden, China, the US, Brazil, and Spain. The researchers also learned that some of the exposed VNCs belong to industrial control systems, which concerned them because these systems are too critical to be compromised.

As the researchers narrowed their investigation, they examined some cases of the exposed VNCs, including one that led to access to an HMI (Human Machine Interface) system for controlling pumps on a remote SCADA system in a manufacturing unit.

Furthermore, the analysis detected more than six million requests in a month from threat actors trying to reach exposed VNC servers through the default port, 5900. These attempts mostly came from Russia, the Netherlands, and the US.

Hacking forums were also found to be one of the top places where threat actors look for exposed or cracked VNCs, because services on the dark web often offer deeper access for network infiltration. Once they get hold of an exposed VNC server, hackers may abuse several capabilities, including opening and downloading files and running arbitrary commands.

Although many things can cause VNC exposure, the experts highlight that poor passwords are behind most of it. They also added that since these servers are easily accessed for security investigations, hackers could do even more with them.
