Critical Infrastructure at Risk as Thousands of VNC Instances Exposed
Security researchers have warned that several global organizations are vulnerable to remote compromise due to exposed Virtual Network Computing (VNC) instances. Researchers at Cyble reported that more than 8,000 VNC instances are vulnerable to attack. The majority of these instances are managed by critical infrastructure organizations located across the world, including crucial facilities such as water treatment plants, manufacturing plants, and research facilities. VNC was created as a cross-platform screen-sharing system and allows users to remotely control another computer. However, Cyble recently discovered that malicious actors could leverage authentication errors and hijack endpoints to control systems.
The researchers found several Human Machine Interface (HMI) systems, workstations, and other environments that were connected via VNC and therefore exposed over the internet. They stated that malicious hackers can seek out victim organizations with exposed VNCs and leverage the issue to abruptly change set points, rotations, and pump stations. These actions could result in loss of operation, disruption of the supply chain, or other consequences. In addition, threat actors could conduct data theft, deploy ransomware, or perform reconnaissance.