• World CyberCon India
Firewall Daily Vulnerabilties

Hackers Exploit Exposed VNCs, Access Systems Without Passwords

The exposed VNCs were from critical infrastructure-related organizations, research facilities, water treatment plants, manufacturing plants, etc.

Hackers Exploit Exposed VNCs, Access Systems Without Passwords
  • PublishedAugust 15, 2022

The Cyble Global Sensor Intelligence (CGSI) shed light on desktops getting hacked using exposed Virtual Network Computing (VNC). Over 8000 incidents came to light where hackers used exposed VNC to access computers remotely.

Globally Exposed VNCs (Authentication Disabled) – Cyble

Since these VNC endpoints did not need authentication, threat actors could access systems in several countries like China, Sweden, and the U.S. Names, IP addresses, connected devices etc., were compromised. Among the top five exposed countries, China had 1,555 VNCs, Sweden had 1,506, the U.S. had 835, Spain had 555, and Brazil had 529.

Top 5 countries with exposed VNCs – Cyble Research

According to the report, the exposed VNCs were from critical infrastructure-related organizations, research facilities, water treatment plants, manufacturing plants, etc. This questioned the security of national data that may get into the hands of miscreants. The data from Cyble showed that on Port 5900, there was an increased number of attacks. This is based on the attacks monitored between July 9 to August 9, 2022.

Hackers Hack VNCs
Origin point of attacks on port 5900 – Cyble Report

The research revealed that hacking into the Ministry of Health system in the Omsk region, Russia, did not need their password. Multiple Human Machine Interface (HMI) systems, Supervisory Control and Data Acquisition Systems (SCADA), workstations etc., were compromised through the internet as they were connected using exposed VNCs. The attacks were traced back to Netherlands, Russia, and Ukraine.

Illegal buying and selling data hacked using connected exposed VNCs is on a rise. Not requiring authentication or log-in credentials such as passwords has made systems across the globe easy to be spied on using open VNC ports. Access to VNC was initially used to connect systems and remote monitoring and control computers using the Remote Frame Buffer (RFB) protocol.

Data from conversations about buying and selling access to large gaming companies and factories in ‘stock’ were unearthed. Malicious actors collect the data from search results to find organizations with exposed VNCs. They can change the settings of systems, affect the maintenance of equipment running on set credentials, and potentially damage infrastructure. This means that hackers and threat actors can also change orders and data in the systems they access, leading to confusion and impacting security measures.

Written By
Editorial

The Cyber Express is a publication that aims to provide the latest news and analysis about the information security industry. The news comes from a variety of sources and is updated regularly so that readers can stay up to date with the latest happenings in this rapidly growing field.

2 Comments

  • […] Apart from hashing the passwords, Plex has been securing all its data in accordance with the best practices. Moreover, since Plex doesn’t store payment details and credit card data on its servers, this information was unavailable to the hackers. […]

  • […] the data exposed by the glitch, the taxpayers’ Individual Retirement Account (IRA) was also revealed, which was not meant for the public. IRS released the incident report on Friday and mentioned that […]

Comments are closed.