Multiple organizations worldwide might be at risk of remote hacking due to thousands of Virtual Network Computing (VNC) instances being exposed on the internet, including those in the critical infrastructure sectors.
Virtual Network Computing (VNC) is a graphical desktop-sharing system that uses the Remote Frame Buffer protocol (RFB) to remotely control another computer. VNC is platform independent and is compatible with any operating system.
Cybersecurity researchers at Cyble have found more than 8,000 VNC instances available on the internet without authentication, including multiple Human Machine Interface (HMI) systems, Supervisory Control and Data Acquisition (SCADA) systems, workstations, etc., connected through VNC. In one case, the exposed VNC access led to an HMI for controlling pumps on a remote SCADA system in an unnamed manufacturing unit.
“Malicious hackers can utilize online search engines to narrow down victim organizations with exposed VNCs. They can also abruptly change the set points, rotations, and pump stations, resulting in loss of operations. This can even result in disruption of the supply chain and the processes connected with the affected industries,” Cyble said.
The five countries with the highest number of exposed VNC instances are China (1,555), Sweden (1,506), the United States (835), Spain (555), and Brazil (529).
“A successful cyberattack by any ransomware, data extortion, Advanced Persistent Threat (APT) groups, or other sophisticated cybercriminals is usually preceded by an initial compromise into the victim’s enterprise network. An organization leaving exposed VNCs over the internet broadens the scope for attackers and drastically increases the likelihood of cyber incidents,” the researchers have warned.