- Jul 27, 2015
- 5,459
- Content source
- https://www.theregister.com/2022/08/16/vnc_cyble_endpoints/
Thousands of machines on the public internet can be remotely controlled via VNC without any authentication, a cybersecurity vendor has reminded us this month.
These boxes, minus any that are honeypot devices, provide an easy, unhindered route into corporate networks, critical infrastructure, and other computer systems, for miscreants, spies, and ransomware slingers, potentially. Researchers at Cyble said they found more than 8,000 internet-facing VNC endpoints around the world that could be easily accessed without any kind of password. Indeed, a quick glance at Shodan.io just now revealed more than 640,000 machine exposing VNC services to the planet, though not all of them will be lacking authentication checks. We previously warned of open VNC systems here.
The Cyble team said as well as those thousands of unprotected endpoints it found, it witnessed miscreants and bots scanning the 'net for active services on the default VNC TCP port 5900, detecting about seven surges of such activity between July 9 and August 9. This, we're told, totaled more than six million attempts to detect running VNC services. Most of those scans came from the Netherlands, Russia, and Ukraine, said Cyble.
Thousands of public systems still use password-less VNC
Let alone the ones with 123456 to login. How sophisticated do attackers really need to be?
www.theregister.com