Exposed VNC Servers Pose Security Risks to U.S. Industrial Control Systems
Recent research by Forescout has revealed that millions of Remote Desktop Protocol (RDP) and Virtual Network Computing (VNC) servers are exposed to the internet, with hundreds potentially providing access to industrial control systems (ICS) and operational technology (OT). These servers, primarily located in China and the United States, are often used for remote access but should not be directly exposed without secure gateways. The study found that a significant number of these servers are linked to industries such as retail, education, services, manufacturing, and healthcare. Alarmingly, many of these servers run outdated Windows versions vulnerable to the BlueKeep exploit, and nearly 60,000 VNC servers lack authentication. This situation poses a substantial risk as attackers could gain access to cyber-physical systems (CPS), with Russia-linked hackers previously targeting OT systems via VNC. 
