Researchers at Cyble have discovered at least 9,000 exposed Virtual Network Computing (VNC) endpoints that can be accessed without authentication, allowing threat actors easy access to internal networks. These platform-independent systems offer control of remote computers via Remote Frame Buffer protocol (RFB) over a network connection. If these endpoints aren’t fully secured with a password, they can be used as an entry point for unauthorized users. Cyble’s report stated, “Researchers were able to narrow down multiple Human Machine Interface (HMI) systems, Supervisory Control and Data Acquisition Systems (SCADA), Workstations, etc., connected via VNC and exposed over the internet.” Cyble began monitoring for attacks on the default port for VNC and found over six million requests over one month. Demand for accessing critical networks is high on hacker forums with users asking to buy VNC access and others providing instructions on how to find exposed VNCs.