VNC accounts for nearly all remote desktop attacks

The platform-independent Virtual Network Computing (VNC) desktop sharing system accounted for 98% of remote desktop attacks in the past year, data from Barracuda indicates. VNC, which is used extensively in critical infrastructure industries including utilities, is heavily targeted by cyber attackers, the data suggests.

The most ubiquitous attack method against VNC and other remote desktop software involves the use of weak, reused or phished credentials, according to Barracuda. These credentials offer an attacker immediate access to the systems the user has access to.

While it is hard to accurately establish the source of VNC attacks, Barracuda said its research suggests that around 60% of malicious traffic targeting the software came from China.

VNC was originally developed at the Olivetti & Oracle Research Lab in Cambridge UK, and has since been made open source, with many derivative software platforms having been developed.

After VNC, the most targeted tool was the Remote Desktop Protocol (RDP) developed by Microsoft, Barracuda said. RDP accounted for around 1.6% of attempted attacks detected by Barracuda. Larger attacks against networks and data are also more likely to target RDP rather than VNC. The platform is also commonly used in phone-based phishing attacks such as the popular ‘technical support’ scam.

Attackers have also been known to target remote desktop tools including TeamViewer, Independent Computing Architecture (ICA), AnyDesk and Splashtop Remote.

Barracuda Senior Security Researcher Jonathan Tanner said these findings should be a wake-up call for enterprises relying on remote desktop tools.

“Remote desktop solutions are useful and popular business tools that allow employees to connect into their computer network from wherever they are. Unfortunately, they are also a prime target for cyber attack,” he said. “There are many different tools available, each using different and sometimes several virtual connection points, or ports, which make it harder for IT security teams to monitor for malicious connections and subsequent intrusion. Standardising on one remote desktop solution across the organisation will enable the IT team to focus resources on managing, monitoring and securing the associated ports, blocking other traffic.”

Other security solutions that should be considered by enterprises include using secure connections such as virtual private networks, regularly updating software with the latest patches and using authentication methods backed by multifactor authentication, Barracuda added.

Image credit: iStock.com/CROCOTHERY