Expert Commentary: Thousands Of Exposed VNC Instances Exposed

By   ISBuzz Team
Writer , Information Security Buzz | Aug 17, 2022 04:11 am PST

As you may have heard, 8,000 internet-accessible VNC instances were exposed due to disabled authentication. Security researchers found that these instances were managed by critical infrastructure organizations such as water treatment plants, manufacturing plants, and research facilities. With authentication disabled, malicious actors could potentially hijack these endpoints and the industrial control systems they’re often connected to.

While VNC has been handy during COVID by allowing users to remotely control IT/IOT infrastructure assets, the lack of safety measures and security checks resulting in this vulnerability makes it fairly easy for intruders to penetrate the victim’s network and create havoc.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Keith Neilson
Keith Neilson , Technical Evangelist
August 17, 2022 12:12 pm

Businesses must increase the visibility and risk management strategies of their IT infrastructure as they adopt technologies that broaden remote access to their IT estate. Siloed approaches to managing decentralized IT environments result in instances where outdated and yet-to-be-discovered vulnerabilities can be exploited by malicious attackers, posing a crucial risk to critical data within organizations.

Cyber asset management addresses this lack of visibility head-on, beginning with an integrated, holistic inventory of all cyber assets and access points within a company’s IT estate. Once real-time observability into the entire attack surface is secured, companies can establish advanced governance policies to remediate abnormalities and vulnerabilities before they are exploited.

Last edited 1 year ago by Keith Neilson

Recent Posts

Would love your thoughts, please comment.x