Over 9,000 VNC servers exposed online without a password
Security News, August 2022
Researchers have discovered at least 9,000 exposed VNC endpoints that can be accessed and used without authentication, allowing threat actors easy access to internal networks.
Security weakness hunters at Cyble scanned the web for internet-facing VNC instances with no password and found over 9,000 accessible servers.
Most of the exposed instances are located in China and Sweden, while the United States, Spain, and Brazil round out the top 5 with significant volumes of unprotected VNCs. To make matters worse, Cyble found that some of these exposed VNC instances belong to industrial control systems, which should never be exposed to the Internet.
"During the course of the investigation, researchers were able to narrow down multiple Human Machine Interface systems, Supervisory Control And Data Acquisition Systems, Workstations, etc., connected via VNC and exposed over the internet," details Cyble in the report.
To see how often attackers target VNC servers, Cyble used its cyber-intelligence tools to monitor for attacks on port 5900, the default port for VNC. Cyble found that there were over six million requests over one month.
VNC admins are advised to never expose servers directly to the Internet, and if they must be remotely accessible, at least place them behind a VPN to secure access to the servers.