Millions of RDP and VNC servers are exposed to the internet—Forescout found roughly 1.8 million RDP and 1.6 million VNC instances, with tens of thousands tied to specific industries and hundreds providing unauthenticated access to ICS/OT panels. Many systems run unsupported Windows versions (over 19,000 RDP servers vulnerable to BlueKeep), and both Russia-linked groups like Infrastructure Destruction Squad/Dark Engine and criminal botnets such as Redheberg have been observed scanning, exploiting, or selling access to these systems.
Key points
- Forescout identified about 1.8 million RDP and 1.6 million VNC servers exposed on the internet.
- Tens of thousands of exposed servers are linked to industries including retail, education, manufacturing, healthcare, and services.
- Over 19,000 RDP servers are vulnerable to BlueKeep and many exposed systems run end-of-life Windows versions.
- Nearly 60,000 VNC servers lack authentication, and 670 provide direct unauthenticated access to ICS/OT panels.
- Threat actors—including Russia-linked groups and the Redheberg botnet—are actively scanning for and exploiting exposed remote access systems; use secure remote access solutions to mitigate risk.
Read More: https://www.securityweek.com/hundreds-of-internet-facing-vnc-servers-expose-ics-ot/