15 August 2022

Researchers warn of a risk to critical infrastructure due to thousands of exposed VNC instances



Multiple organizations worldwide, including those in critical infrastructure sectors, might be at risk of remote hacking because thousands of Virtual Network Computing (VNC) instances are exposed on the internet.

Virtual Network Computing (VNC) is a graphical desktop-sharing system that uses the Remote Frame Buffer protocol (RFB) to remotely control another computer. VNC is platform independent and is compatible with any operating system.

Cybersecurity researchers at Cyble have found more than 8,000 VNC instances available on the internet without authentication, including multiple Human Machine Interface (HMI) systems, Supervisory Control And Data Acquisition Systems (SCADA), Workstations, etc., connected through VNC. In one case, the exposed VNC access led to an HMI for controlling pumps on a remote SCADA system in an unnamed manufacturing unit.

“Malicious hackers can utilize online search engines to narrow down victim organizations with exposed VNCs. They can also abruptly change the set points, rotations, and pump stations, resulting in loss of operations. This can even result in disruption of the supply chain and the processes connected with the affected industries,” Cyble said.

The top 5 countries with the highest number of exposed VNC instances are China (1,555), Sweden (1,506), the United States (835), Spain (555), and Brazil (529).

“A successful cyberattack by any ransomware, data extortion, Advanced Persistent Threat (APT) groups, or other sophisticated cybercriminals is usually preceded by an initial compromise into the victim’s enterprise network. An organization leaving exposed VNCs over the internet broadens the scope for attackers and drastically increases the likelihood of cyber incidents,” the researchers have warned.

 
