About 9000 VNC servers exposed online can be used without auth
On Sunday, researchers found that over 9,000 exposed VNC (virtual network computing) endpoints can be accessed and used without authentication, letting hackers easily access internal networks.
VNC is a platform-independent system designed to help users connect to systems that need monitoring and adjustments, offering control of a remote computer via RFB (remote frame buffer protocol) over a network connection.
If these endpoints aren’t secured properly with a password, which is often the result of negligence, error, or a decision taken for convenience, they can serve as entry points for unauthorized users, including hackers with malicious intentions.
Depending on what systems lie behind the exposed VNCs, such as water treatment facilities, the implications of abusing access could be devastating for entire communities, Bleeping Computer reports.
Security weakness hunters at Cyble scanned the web for internet-facing VNC instances with no password and discovered over 9,000 accessible servers.
Most of the exposed instances are located in China and Sweden, while the United States, Spain, and Brazil follow in the top 5 with significant volumes of unprotected VNCs.
Cyble found that some of these exposed VNC instances are for industrial control systems, which should never be exposed to the Internet.
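For administrators auditing their own hosts, the missing password described above is visible in the RFB handshake itself: the server advertises its security types, and type 1 ("None") means no credential check. The following is an added example, not code from Cyble or the original article; it parses server-side handshake bytes per RFC 6143, and the host names and sample captures are constructed.

```python
import struct

# Security type numbers defined by the RFB protocol (RFC 6143).
SECURITY_TYPES = {0: "Invalid", 1: "None", 2: "VNC Authentication"}


def classify_rfb_handshake(server_bytes: bytes) -> dict:
    """Classify the server-to-client bytes of a captured RFB handshake.

    Expects the 12-byte ProtocolVersion message followed by the server's
    security message, as recorded from a host you administer.
    """
    if (len(server_bytes) < 12 or not server_bytes.startswith(b"RFB ")
            or server_bytes[11:12] != b"\n"):
        raise ValueError("not an RFB ProtocolVersion message")
    major, minor = int(server_bytes[4:7]), int(server_bytes[8:11])
    body = server_bytes[12:]
    if (major, minor) < (3, 7):
        # RFB 3.3: the server dictates a single type as a big-endian u32.
        if len(body) < 4:
            raise ValueError("truncated security message")
        offered = [struct.unpack(">I", body[:4])[0]]
    else:
        # RFB 3.7 and 3.8: one count byte, then one byte per offered type.
        if not body or len(body) < 1 + body[0]:
            raise ValueError("truncated security message")
        offered = list(body[1:1 + body[0]])
    return {
        "version": f"{major}.{minor}",
        "offered": [SECURITY_TYPES.get(t, f"type {t}") for t in offered],
        # Type 1 ("None") means the session starts with no credential check.
        "no_auth": 1 in offered,
    }


# Constructed sample captures (not taken from any real server).
SAMPLES = {
    "hmi-01": b"RFB 003.008\n" + bytes([1, 1]),
    "jump-02": b"RFB 003.008\n" + bytes([1, 2]),
    "legacy-03": b"RFB 003.003\n" + struct.pack(">I", 1),
    "kiosk-04": b"RFB 003.008\n" + bytes([2, 2, 1]),
}

if __name__ == "__main__":
    for host, capture in SAMPLES.items():
        result = classify_rfb_handshake(capture)
        flag = "NO AUTH" if result["no_auth"] else "ok"
        print(f"{host}: RFB {result['version']} {result['offered']} -> {flag}")
```

A server that lists "None" alongside "VNC Authentication" is still flagged, because a client may select the unauthenticated type.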