Researchers have discovered 8000 exposed Virtual Network Computing (VNC) instances, which could put numerous global organisations at risk of remote compromise. The instances were managed by critical national infrastructure (CNI) organisations that are responsible for water treatment plants, manufacturing plants and research facilities.
With authentication disabled, malicious actors can hijack certain endpoints and, with them, the industrial control systems these may be connected to. This is because VNC is a cross-platform screen-sharing system that allows users to remotely control another computer.
Etay Maor, Senior Director of Security Strategy at Cato Networks, comments: “VNCs are fundamentally appliances and each appliance needs to be carefully maintained, upgraded, and patched. It’s the same problem IT has long faced. Moving to a cloud-native SASE service allows critical infrastructure organisations to protect the infrastructure without compromising service delivery. They can apply virtual patches protecting internal infrastructure without having to actually update that infrastructure.”
The researchers warned that malicious actors could exploit exposed VNC deployments to carry out sabotage, as well as to steal data, extort their victims and deploy ransomware. As such, all firms running VNC should work to immediately improve their security awareness training, review their access policies and ensure that appropriate firewalls are in place. Most importantly, all devices must be patched and continuously monitored in order to avoid falling victim to this particular attack.