Virtual network computing (VNC) endpoints that can view and utilize credentials were reported to be vulnerable on at least 9,000 occasions, giving hackers simple access to the data.
The platform-independent system referred to as Network Computing (VNC) enables users to remotely control other computers, most of which have limited monitoring and adjusting capabilities. Therefore, anyone who compromises VNCs will eventually have access to the underlying systems.
The endpoints can act as access points for unauthorized access, including hackers with malevolent intentions if they are not fully secured with a password, which is frequently the result of neglect, error, or a decision made out of convenience.
As per researchers, the risk of each exposed VNC relies on the kind of underlying system it is in charge of. Some people are discovered to be in charge of a municipality's water control systems, which is quite serious.
Research Analysis
Over 9,000 vulnerable servers were found when Cyble's security researchers searched the web for internet-facing VNC instances without passwords. China and Sweden are home to the majority of exposed instances, while the United States, Spain, and Brazil round out the top 5 with sizable numbers of unprotected VNCs.
The fact that some of these open VNC instances were for industrial control systems, that should never be accessible to the Internet, only made the situation worse, according to Cyble. Under one of the examined cases, the unencrypted VNC access connected to an HMI for controlling pumps on a remote SCADA system in a nameless manufacturing facility.
Cyble employed its cyber-intelligence systems to keep a watch out for attacks on port 5900, the standard port for VNC, to assess how frequently attackers target these servers. In a single month, Cyble counted more than six million requests. The Netherlands, Russia, and the United States were the major countries from which to access VNC servers.
On hacker forums, there is a large market for accessing vital networks via exposed or compromised VNCs because this kind of access can be utilized for more in-depth network espionage. In other circumstances, security experts provide guidance on how users might actively scan for and find these vulnerable instances.
A long list of exposed VNC instances with very weak or no passwords is presented in a post on a darknet forum that Bleeping Computer has seen.
In this sense, it's crucial to keep in mind that many VNC systems do not accept passwords longer than eight characters, making it essentially unsafe even when both the sessions and the passwords are encrypted.
Servers should never be exposed to the Internet directly, and if they must be accessed remotely, they should at least be hidden behind a VPN to protect access to the servers.
