cybersecurity, hackers, passwords, remote access

Researchers have discovered at least 9,000 exposed VNC (virtual network computing) endpoints that can be accessed and used without authentication, allowing threat actors easy access to internal networks.

VNC (virtual network computing) is a platform-independent system meant to help users connect to systems that require monitoring and adjustments, offering control of a remote computer via RFB (remote frame buffer protocol) over a network connection.

If these endpoints aren’t properly secured with a password, which is often the result of negligence, error, or a decision taken for convenience, they can serve as entry points for unauthorized users, including threat actors with malicious intentions.

Depending on what systems lie behind the exposed VNCs, like, for example, water treatment facilities, the implications of abusing access could be devastating for entire communities.

Alarming findings

Security weakness hunters at Cyble scanned the web for internet-facing VNC instances with no password and found over 9,000 accessible servers.

cybersecurity, hackers, passwords, remote access

Unsecured VNCs spread across the world (Cyble)

Most of the exposed instances are located in China and Sweden, while the United States, Spain, and Brazil followed in the top 5 with significant volumes of unprotected VNCs.

cybersecurity, hackers, passwords, remote access

Countries with the most exposed VNC instances (Cyble)

To make matters worse, Cybcle found some of these exposed VNC instances to be for industrial control systems, which should never be exposed to the Internet.

“During the course of the investigation, researchers were able to narrow down multiple Human Machine Interface (HMI) systems, Supervisory Control And Data Acquisition Systems (SCADA), Workstations, etc., connected via VNC and exposed over the internet,” details Cyble in the report.

In one of the explored cases, the exposed VNC access led to an HMI for controlling pumps on a remote SCADA system in an unnamed manufacturing unit.

cybersecurity, hackers, passwords, remote access

Accessing a pump-controlling HMI over an unprotected VNC (Cyble)

To see how often attackers target VNC servers, Cyble used its cyber-intelligence tools to monitor for attacks on port 5900, the default port for VNC. Cyble found that there were over six million requests over one month.

Most attempts to access VNC servers originated from the Netherlands, Russia, and the United States.

Demand for VNC access

Demand for accessing critical networks via exposed or cracked VNCs is high on hacker forums, as this kind of access can, under certain circumstances, be used for deeper network infiltration.

cybersecurity, hackers, passwords, remote access

Threat actor asking to buy VNC access

“Adversaries may abuse VNC to perform malicious actions as the logged-on user such as opening documents, downloading files, and running arbitrary commands,” a Cyble researcher told Bleeping Computer during a private discussion.

“An adversary could use VNC to remotely control and monitor a system to collect data and information to pivot to other systems within the network.”

In other cases, security enthusiasts offer instructions on how users can scan and locate these exposed instances on their own.

cybersecurity, hackers, passwords, remote access

Instructions on how to find exposed VNCs

A darknet forum post seen by Bleeping Computer features a long list of exposed VNC instances with very weak or no passwords.

cybersecurity, hackers, passwords, remote access

List VNCs with weak or no passwords

The case of weak passwords raises another concern around VNC security, as Cyble’s investigation only focused on instances that had the authentication layer completely disabled.

If poorly secured servers whose passwords are easy to crack were included in the investigation, the number of potentially vulnerable instances would be much more significant.

On that front, it is essential to remember that many VNC products do not support passwords longer than eight characters, so they are inherently insecure even when the sessions and passwords are encrypted.

VNC admins are advised to never expose servers directly to the Internet, and if they must be remotely accessible, at least place them behind a VPN to secure access to the servers.

Even then, admins should always add a password to instances to restrict access to the VNC servers.

TECH NEWS RELATED

Corsair's super slim K100 Air is the best looking keyboard of the year

The slim profile and brushed metal are gorgeous, but has a price to match.

View more: Corsair's super slim K100 Air is the best looking keyboard of the year

OnePlus Buds Pro 2 leaked specifications hint at new color variant

The OnePlus Buds Pro 2 TWS earbuds’ full specifications have been tipped by a reliable tipster ahead of their official unveiling. OnePlus is reportedly prepping to take the wraps off its new true wireless earbuds. The upcoming audio device is likely to carry the OnePlus Buds Pro 2 moniker. The ...

View more: OnePlus Buds Pro 2 leaked specifications hint at new color variant

Taiwan IC design houses upbeat about automotive ICs in 2023

With cars getting more and larger on-board displays, Taiwan-based IC design houses are generally optimistic about demand for display driver ICs (DDI), touch and display driver integration (TDDI) and other automotive ICs in 2023, according to industry sources. Automotive central information displays and dashboards are being developed with larger ...

View more: Taiwan IC design houses upbeat about automotive ICs in 2023

Dell launches new security resources to enhance zero-trust adoption, cyber resilience

Dell announces several new cyber security resources including a Zero Trust Center of Excellence.

View more: Dell launches new security resources to enhance zero-trust adoption, cyber resilience

VMware embraces DPUs to stretch the use of CPUs

VMware eases the use of SmartNICs based on digital processing units to handle networking, security, storage, and other processes, freeing up enterprise-server CPU cycles.

View more: VMware embraces DPUs to stretch the use of CPUs

Tesla Moves Away from Ultrasonic Sensors For Tesla Vision

Tesla has announced that it will not use its Ultrasonic Sensors (USS) in its Autopilot sensors to make way for the Tesla Vision system, according to Electrek. (Photo : Justin Sullivan/Getty Images)FREMONT, CA – SEPTEMBER 29: Tesla CEO Elon Musk speaks during an event to launch the new Tesla Model ...

View more: Tesla Moves Away from Ultrasonic Sensors For Tesla Vision

SpaceX Crew-5: NASA to send first Native American woman to space

NASA’s SpaceX Crew-5 crew members arrive at Kennedy Space Center, October 1, 2022. /NASA NASA will send the first-ever Native American woman astronaut to orbit aboard SpaceX’s Crew Dragon capsule atop the Falcon 9 rocket on Wednesday. NASA astronaut Nicole Mann will serve as the commander with her fellow ...

View more: SpaceX Crew-5: NASA to send first Native American woman to space

Tenable aims to unify cyber security with exposure management platform

Tenable tackles the issue of siloed security apps with a cloud-based exposure management system that pulls in data from diverse types of systems that track a company’s digital assets and identify vulnerabilities.

View more: Tenable aims to unify cyber security with exposure management platform

HR platform Humaans raises £13m with backing from Slack CEO

Amazon Pulls the Plug on Kids Interactive Gadget Glow

Redmi Pad Malaysia release: Available for purchase starting today, prices from RM899

Samsung Malaysia to host 10.10 sales with up to 40% off on Shopee & Lazada

Loretta Lynn, country music luminary and songwriting pioneer, dies at 90

Apple Accepts TSMC Chip Price Hike for iPhone 15: Report

Xiaomi Band 7 Pro Officially Drops in Europe for Less than $100: Is the Budget Smartwatch Worth It?

Disney+ for PS5 Now Supports 4K HDR — Here’s How to Update

Samsung Galaxy S23 series battery & camera specifications tipped

EVs add to electricity demand, but not as much as you might think

Airoha kicks off symmetric 8Gbps deployments with breakthroughs in XGS-PON technology

WhatsApp will soon block users from screenshotting ‘View Once’ videos and photos

OTHER TECH NEWS

Top Car News Car News