Researchers from threat intelligence firm Cyble reported a surge in attacks targeting virtual network computing (VNC).
Researchers from Cyber looked for Virtual Network Computing (VNC) exposed over the internet and discovered over 8000 VNC instances with authentication disabled, most of them in China, Sweden, and the United States.
Cyble observed a surge in attacks on the default port for VNC, port 5900, most of them originated from the Netherlands, Russia, and Ukraine. Exposing VNCs to the internet, increases the likelihood of a cyberattack.
Threat actors could use the access through VNC to carry out a broad range of malicious activities, such as deploying ransomware, malware, or spy on the victims.
