8,000 Unprotected VNCs Put Global CNI Organizations at High Risk
Researchers discovered over 8,000 unprotected virtual network computing instances exposing critical infrastructure networks, from water treatment plants to research facilities, to potential cyber-attacks. Here’s how organizations can strengthen VNC security and how SASE offers an innovative way to protect critical systems.
8,000 Unprotected Virtual Network Instances Expose Critical Infrastructure: What You Need to Know
In a recent discovery, researchers identified over 8,000 instances of unprotected Virtual Network Computing (VNC), raising serious security concerns for critical national infrastructure (CNI) organizations worldwide. These organizations, which oversee essential systems like water treatment facilities, industrial factories, and research centers, now face the risk of unauthorized access and potential exploitation. With authentication left disabled, cybercriminals have a clear path to hijack endpoints, potentially gaining control over industrial control systems (ICS).
VNC is a powerful cross-platform tool enabling remote control over devices, making it popular in industrial and operational technology environments. However, without robust security measures, VNC instances become an open invitation for attackers. Etay Maor, Senior Director of Security Strategy at Cato Networks, emphasizes that unprotected VNCs create vulnerabilities within critical infrastructure, necessitating strategic interventions, such as SASE’s cloud-based security approach, to maintain a high level of protection.
Why Unprotected VNCs Are a Major Threat to CNI
For organizations that manage essential services, any compromise can result in catastrophic impacts. CNI sectors, including energy, water, and healthcare, depend heavily on VNCs for remote monitoring, troubleshooting, and management of industrial systems. When VNC access lacks authentication, it exposes endpoints and ICS to unauthorized remote control, data manipulation, and potential sabotage.
VNCs’ vulnerability arises from factors such as:
- Lack of Authentication Controls: When authentication is disabled, any actor on the internet could potentially access and control these systems.
- Outdated Software and Lack of Maintenance: Older VNC systems may lack essential updates or patches, further increasing vulnerability.
- Misconfigured Network Access: Open network access increases the risk of unauthorized entry, especially if VNC connections are not secured behind a firewall or VPN.
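How a server with authentication disabled shows up on the wire, as an added example that is not from the original article: in the RFB protocol that VNC uses (RFC 6143), the server advertises its security types during the handshake, and type 1 ("None") means a session opens without any credential. The parser below works on server-to-client handshake bytes reassembled from a capture of your own server; the function name and the sample byte strings are constructed for illustration.

```python
import re
import struct

# Security-type numbers as assigned in RFC 6143 (the RFB specification).
SECURITY_TYPES = {1: "None", 2: "VNC Authentication", 16: "Tight",
                  18: "TLS", 19: "VeNCrypt"}
BANNER = re.compile(rb"RFB (\d{3})\.(\d{3})\n")


def parse_server_handshake(stream: bytes) -> dict:
    """Parse server-to-client RFB handshake bytes: banner, then security message."""
    m = BANNER.match(stream[:12])
    if not m:
        raise ValueError("not an RFB banner")
    version = (int(m.group(1)), int(m.group(2)))
    body = stream[12:]
    if version >= (3, 7):
        # 3.7 and later: one count byte, then that many one-byte security types.
        if not body:
            raise ValueError("truncated security message")
        count = body[0]
        if count == 0:
            # A count of 0 means the server refused; a reason string follows.
            raise ValueError("server refused the connection")
        types = list(body[1:1 + count])
        if len(types) != count:
            raise ValueError("truncated security-type list")
    else:
        # 3.3: the server picks a single type and sends it as a 32-bit integer.
        if len(body) < 4:
            raise ValueError("truncated security message")
        (chosen,) = struct.unpack(">I", body[:4])
        if chosen == 0:
            raise ValueError("server refused the connection")
        types = [chosen]
    return {
        "version": "%d.%d" % version,
        "offered": [SECURITY_TYPES.get(t, "type %d" % t) for t in types],
        "no_auth": 1 in types,  # type 1 = session opens with no credential
    }


# Constructed sample streams, not captured from any real system.
OPEN_38 = b"RFB 003.008\n" + bytes([2, 1, 2])      # offers None and VNC Auth
AUTH_38 = b"RFB 003.008\n" + bytes([1, 2])         # VNC Authentication only
OPEN_33 = b"RFB 003.003\n" + struct.pack(">I", 1)  # legacy server, None

if __name__ == "__main__":
    for sample in (OPEN_38, AUTH_38, OPEN_33):
        print(parse_server_handshake(sample))
```

A server that lists type 1 alongside stronger types is still flagged, because the client chooses which offered type to use.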
The Role of SASE in Protecting Critical Infrastructure
Secure Access Service Edge, or SASE, offers a cloud-based solution to secure network architectures, particularly in environments where legacy systems can’t be taken offline for updates. By deploying virtual patches, SASE allows organizations to manage their critical infrastructure without physically updating each component. This feature is especially crucial for CNI organizations, where interruptions to ICS could lead to service disruptions or safety hazards.
SASE’s key advantages for VNC and CNI security include:
- Unified Security Policies: SASE enables centralized management, ensuring consistent security protocols across different remote access points.
- Reduced Vulnerability to Legacy System Risks: By using virtual patches, SASE can secure outdated VNC instances without needing full updates, which can be logistically challenging in legacy environments.
- Integrated Threat Intelligence: SASE uses real-time threat data to proactively protect network endpoints, reducing the likelihood of successful exploitation attempts.
For CNI organizations, transitioning to a SASE model can mitigate risks associated with VNC by bolstering endpoint security through a cloud-based, comprehensive, and adaptive framework.
VNC Security Best Practices for CNI Organizations
To protect against potential threats, organizations managing critical infrastructure should consider the following VNC security practices:
1. Enable Strong Authentication
Disabling VNC’s built-in authentication creates vulnerabilities that can be exploited easily. Instead, organizations should enable multi-factor authentication (MFA) to strengthen access control.
2. Regularly Update and Patch Systems
Outdated software is a significant security weakness. IT teams should establish a routine patching schedule or leverage virtual patching solutions through SASE to protect VNC instances.
3. Segment Networks
Network segmentation limits the scope of any unauthorized access. By separating VNC-controlled systems from sensitive ICS and data networks, organizations reduce the risk of widespread compromise.
4. Use Secure Network Configurations
A firewall should be configured to restrict access to VNC, allowing connections only from trusted IP addresses or through a VPN. This restricts VNC access to authorized personnel and adds a critical layer of security.
5. Monitor Network Traffic and Access Logs
Continuous monitoring of network activity and VNC access logs can help organizations quickly identify and respond to any suspicious behavior.
How Cato Networks’ SASE Solution Enhances VNC Security
Cato Networks has emerged as a leader in securing cloud-based access services, particularly for organizations requiring seamless and safe remote connections. The Cato SASE platform combines advanced threat detection, virtual patching, and unified management to provide a robust security framework for VNC and other remote access tools.
According to Etay Maor, SASE’s cloud services allow critical infrastructure organizations to apply virtual patches that secure internal infrastructures against emerging threats without disrupting service. This means CNI organizations can benefit from comprehensive security controls even if they rely on legacy systems that can’t be regularly updated.
By adopting SASE’s cloud-based approach, organizations benefit from the following:
- Reduced Downtime: Virtual patching prevents the need to take systems offline, reducing operational disruptions.
- Improved Compliance: CNI organizations are subject to strict compliance requirements. SASE’s robust security protocols can help meet industry standards, including those mandating stringent access control for ICS.
- Enhanced Threat Visibility: Cato’s SASE platform offers real-time monitoring and threat intelligence, enabling rapid response to any detected anomalies.
Moving Forward: Protecting CNI with Comprehensive VNC Security
As critical infrastructure continues to rely on remote access tools like VNC, the importance of secure, cloud-based solutions will only grow. By leveraging SASE’s virtual patching and centralized management capabilities, organizations in essential sectors can protect their infrastructure without sacrificing service efficiency or accessibility.
Editor’s note: This blog was updated November 13, 2024