At least 9,000 exposed virtual network computing endpoints have been found by security weakness hunters at Cyble, and since they don't require authorization or passwords
to use, it is simple for threat actors to access internal networks, BleepingComputer
The majority of exposed instances, according to Cyble, are located in China and Sweden, with the US, Spain and Brazil rounding out the top five with sizable numbers of unprotected VNCs.
Even worse, the researchers discovered that some of these publicly accessible VNC instances to be for industrial control systems, which should never be accessible via the Internet.
On hacker forums, there is a high demand for accessing vital networks via exposed or compromised VNCs because, in some cases, this kind of access can be used for more in-depth network espionage. Since Cyble's investigation was limited to instances where the authentication layer was completely disabled, the case of weak passwords raises another issue regarding VNC security.
The amount of potentially vulnerable instances would be much higher if the investigation included servers with weak security and passwords that are simple to guess. In this regard, it's crucial to keep in mind that many VNC products do not support passwords longer than eight characters, making them inherently unsafe even when both the sessions and the passwords are encrypted.