Threats surrounding Virtual Network Computing laid bare as attacks targeting critical infrastructure increase.

cyber security
Credit: Dreamstime

New research from threat intelligence and cyber security company Cyble has identified a peak in attacks targeting virtual network computing (VNC) – a graphical desktop-sharing system that uses the Remote Frame Buffer (RFB) protocol to control another machine remotely – in critical infrastructure sectors.

By analysing the data from its Global Sensor Intelligence (CGSI), Cyble researchers noticed a spike in attacks on port 5900 (the default port for VNC) between July 9 and August 9, 2022. Most attacks originated from the Netherlands, Russia, and Ukraine, according to the firm, and highlight the risks of exposed VNC in critical infrastructure.

Exposed VNC putting ICS at risk, assets frequently distributed on cybercrime forums

According to a blog posting detailing Cyble’s findings, organisations that expose VNCs over the internet by failing to enable authentication broaden the scope for attackers and increase the likelihood of cyber incidents. It detected more than 8,000 exposed VNC instances with authentication disabled. 

Cyble also found that exposed assets connected via VNCs are frequently sold, bought, and distributed on cyber crime forums and market.

“Even though the count of exposed VNCs is low compared to previous years, it should be noted that the exposed VNCs found during the time of analysis belong to various organisations that come under critical infrastructures such as water treatment plants, manufacturing plants, research facilities,” the firm added. 

Cyble researchers were able to narrow down multiple human machine interface (HMI) systems, Supervisory Control and Data Acquisition Systems (SCADA), and workstations, connected via VNC and exposed over the internet.

An attacker gaining access a dashboard “can manipulate the predefined settings of the operator and can change the values of temperature, flow, pressure, etc., which might increase the stress on the equipment resulting in physical damage to the site and potentially nearby operators,” Cyble wrote. 

Exposed SCADA systems could also be operated by an attacker, who could additionally gain insights into confidential and sensitive intelligence which can be further used to compromise the complete ICS environment, it continued. 

“Exposing systems like this allows attackers to target a particular component within the environment and start a chain of events by manipulating various processes involved in the targeted facility.”

Vulnerable VNC an easy target for attackers

Speaking to CSO, John Bambenek, principal threat hunter at Netenrich, says that VNC allows for access to a target machine and has woefully insufficient tools to protect those machines – even when passwords are used. 

“The harms that can be caused depend on the organisation and user permissions that VNC is running under. In one example, a ministry of health system was exposed, which means private health information is exposed,” he says.

Tim Silverline, vice president of security at Gluware, concurs. “Remote desktop services such as VNC are some of the easiest targets for hackers to identify because they operate on well-known default ports and there are many tools out there to both scan for these services and brute-force the passwords of the ones they find,” he tells CSO.

Any organisation that runs remote access services that are public facing with unconfigured authentication are essentially putting up the welcome sign for adversaries, adds Rick Holland, CISO, vice president strategy at Digital Shadows. 

“Finding these types of open services is trivial, so any actor, from script kiddies to sophisticated actors, could leverage these misconfigurations to gain initial access to the environment.”

One of the challenges with defending critical infrastructure environments is that many defenders assume that there is an air gap separating traditional IT networks from ICS networks, Holland says. 

“Segmented networks aren’t always in place, and defenders must have real-time visibility into public-facing services. These services must have network access restricted with strong authentication enabled, including certificate-based authentication.”

Silverline advises business to limit their VNC internet exposure and to mandate multi-factor authentication (MFA) for any remote connectivity into a network, including through VPN or directly through protocols like RDP, VNC, or SSH. “This prevents brute-force attempts from succeeding and substantially increases the difficulty of a hacker to gain access to the network.”


New genetic variation from old and exotic varieties for environmentally friendly wheat cultivation

In addition to the almost 9,000 winter wheat accessions, the scientists also grew elite varieties in the trial field and investigated resistance to yellow rust, among other traits. Credit: IPK Leibniz Institute/ C. Martin Gene banks worldwide make an important contribution to the conservation of biological diversity. In the ...

View more: New genetic variation from old and exotic varieties for environmentally friendly wheat cultivation

Multi-organ chip detects dangerous nanoparticles

Computational grid for thermal simulation with a magnified representation of the NanoCube exposure device. The aerosol sections are in yellow, the other sections are either components or air sections. Credit: Fraunhofer SCAI What happens when we breathe in nanoparticles emitted by, for example, a laser printer? Could these nanoparticles ...

View more: Multi-organ chip detects dangerous nanoparticles

Bad roads reduce trade volumes by 18%

Distance versus travel time in intra- and international bilateral links. Notes: Average excess distance is the %-ratio between road distance and great circle distance, both in km. Avg. road speed denotes the average travel speed on the fastest road connection, in km/h, while avg. direct speed refers to the ...

View more: Bad roads reduce trade volumes by 18%

New online portal aims to improve parks and green spaces around the world

Credit: Pixabay/CC0 Public Domain The Parks & Green Space Research Portal promotes collaboration and shared research between academics and parks professionals worldwide. The portal—a collaboration between the Department of Landscape Architecture, University of Leeds, the Green Flag Award scheme and environmental charity Keep Britain Tidy—enables users to exchange expertise ...

View more: New online portal aims to improve parks and green spaces around the world

Manufacturing microscopic octopuses with a 3D printer

Smart polymers with “life-like” properties: due to dynamic chemical bonds the micrometric 3D structures can grow eight-fold in just a few hours and harden. Scale: 20 micrometers (µm). Credit: Christoph Spiegel (Heidelberg University). Adapted from Y. Jia et. al, Adv. Funct. Mater. 2022, 2207826 (CC BY 4.0) Although just ...

View more: Manufacturing microscopic octopuses with a 3D printer

Protein family shows how life adapted to oxygen

The catalytic fold of the ribonucleotide reductase (RNR) family is a unique 10-stranded ɑ/β barrel, consisting of 10 β-strands (light green) and 8 ɑ-helices (light blue). (A) Each half of the barrel contains a five-stranded parallel β-sheet (βA-βE and βF-βJ) that is arranged in anti-parallel orientation with respect to ...

View more: Protein family shows how life adapted to oxygen

Driving high? Chemists make strides toward marijuana breath analyzer

The researchers’ THC-powered fuel cell sensor, with its H-shaped glass chamber. Credit: Evan Darzi A UCLA chemist and colleagues are now a step closer to their goal of developing a handheld tool similar to an alcohol Breathalyzer that can detect THC on a person’s breath after they’ve smoked marijuana. ...

View more: Driving high? Chemists make strides toward marijuana breath analyzer

Alain Aspect, Nobel-winning father of quantum entanglement

Alain Aspect, one of three physics Nobel winners, helped pave the way for what he calls the ‘second quantum revolution’ Alain Aspect, who won a long-expected Nobel Physics Prize on Tuesday, not only helped prove the strange theory of quantum entanglement but also inspired a generation of physicists in ...

View more: Alain Aspect, Nobel-winning father of quantum entanglement

Reports say the CIA is trying to resurrect woolly mammoths

Hackers are breaching scam sites to hijack crypto transactions

Businesses Move to Combat Waning Customer Loyalty with Pre-Emptive Service Technology, Says Pega Study

Is your business ready for web 3.0?

Pentest People launches SecurePortal 2.0, expands PTaaS and hires senior Incident Response specialist

Why emergency landing site evaluation for autonomous aircraft systems is a data problem

Lack of digital skills is jeopardising UK business growth, AND Digital reveals

Swedish-based SaaS platform partners with travel risk intelligence company 

Jigsaw24 relocates London office to foster better client collaboration as it looks to the next stage of its 30 year growth journey

Introducing Tenable One: Industry-First Exposure Management Platform

Dynatrace Launches Grail for Boundless Observability, Security, and Business Analytics

A look inside Amazon's new Minnesota facility: Prayer rooms, ablution stations and 'Chutes and Ladders'


Top Car News Car News