Virtual Network Computing (VNC), a technology that enables remote desktop sharing, is frequently used by computer users who need technical support, are away from home, or want to access a second machine. However, cybersecurity company Cyble has discovered over 8,000 VNC instances that do not require user authentication, including numerous exposed installations in China, Western Europe, and the United States.
According to a cybersecurity firm, a software package intended to permit legitimate remote access to computer desktops contains flaws that expose controllers of vital infrastructure to cyberattacks.
According to the company, the attacks frequently targeted companies that managed vital infrastructure, and in one instance, a hacker was able to penetrate the Russian Ministry of Health. It added that members of several hacking forums are selling data collected through open VNC ports.
Between July 9 and August 9, Cyble discovered more than 1,500 exposed installations in China and more than 800 in Sweden, as well as more than 600,000 hacking attempts on network port 5900, the default port for VNC.
Although VNC-based attacks are not new, it is crucial to highlight the possible consequences for other enterprises and critical infrastructure, according to cybersecurity experts.
“A successful cyberattack by any ransomware, data extortion, advanced persistent threat groups, or other sophisticated cybercriminals is usually preceded by an initial compromise into the victim’s enterprise network,” Cyble’s researchers said. “An organization leaving exposed VNCs over the internet broadens the scope for attackers and drastically increases the likelihood of cyber incidents.”
Garrett Carstens, the director of Intel collection management at Intel 471, a cybersecurity firm, warned that hackers might use VNC attacks on operators of vital infrastructure to steal data, cause damage, carry out ransomware schemes, or destroy data.
“Threat actors are constantly on the lookout for initial accesses into organizations,” Carstens told the Washington Examiner. “An initial access will be reviewed, assessed, and, if viable, used for follow-on attacks.”
Chris Clymer, the director and chief information security officer at Inversion6, a cybersecurity risk management company, added that while VNC attacks should be well known on traditional IT networks, they may be less familiar to organisations running so-called operational technology (OT) systems, such as industrial control systems connected to manufacturing equipment, power plants, pipelines, and other critical infrastructure. In recent years, as businesses started to adopt the Internet of Things for remote infrastructure control and monitoring, many of these control systems have been linked to the larger internet.
By becoming more accessible, these industrial control systems have “taken these latent vulnerabilities like VNC and placed them out there to be taken advantage of,” according to Clymer. Only a few firms are beginning to invest in and concentrate on security in the OT arena, which is “far, far behind when it comes to security.”
According to Bill Moore, the founder and CEO of XONA, a provider of OT security, “antiquated” industrial control systems have recently been linked to the internet.
“This is a growing problem as well because unless these systems have been audited, they may not be aware they are even running a VNC service,” he said. The recent convergence of IT and OT systems “has increased vulnerabilities and made OT systems, many of which were never intended to be connected to the internet, a more available and attractive target for threat actors.”
Because it can grant attackers full system access and is frequently protected with weak or no authentication, VNC has long been a favoured target of hackers, according to Clymer. When searching for security flaws in a business’s networks, penetration testers typically focus on VNC, he continued.
“Every time I’ve seen a tester find VNC available on a network, they are immediately doing the happy dance,” he said. “They have a plethora of attacks to use and almost always find a way into a system running VNC.”