Researchers at Cyble discovered over 8,000 exposed VNC (virtual network computing) endpoints that allow access to networks without authentication. VNC is a graphical desktop-sharing system that allows control of another machine remotely. It mirrors graphical screen changes as well as keyboard and mouse inputs from one machine to another. Many of the exposed VNC’s found belonged to industrial control systems that should never be exposed.
“the exposed VNCs found during the time of analysis belong to various organizations that come under Critical Infrastructures such as water treatment plants, manufacturing plants, research facilities, etc. During the course of the investigation, researchers were able to narrow down multiple Human Machine Interface (HMI) systems, Supervisory Control And Data Acquisition Systems (SCADA), Workstations, etc., connected via VNC and exposed over the internet.…
“A successful cyberattack by any ransomware, data extortion, Advanced Persistent Threat (APT) groups, or other sophisticated cybercriminals is usually preceded by an initial compromise into the victim’s enterprise network. An organization leaving exposed VNCs over the internet broadens the scope for attackers and drastically increases the likelihood of cyber incidents.
“Our investigation found that selling, buying, and distributing exposed assets connected via VNCs are frequently on cybercrime forums and markets.”