Spielerkid89, a hacker who wanted to stay anonymous, managed to breach the computer of a regional Russian Ministry of Health by exploiting sloppy cybersecurity practices.
Although the hacker didn’t intend to harm the system, the breach serves as a perfect example of how poor cybersecurity can compromise vulnerable organizations and devices.
The attacker reportedly decided to probe Russian IP addresses with poor or no authentication and used the Shodan search engine to carry out research, leading to an unsecured open virtual network computing (VNC) port.
After the discovery, the attacker managed to breach the computer of the Ministry of Health in the Omsk region of Russia with no need for authentication such as a username or password.
“I was able to access people’s names, other IP addresses pointing to other computers on the network, and financial documents, too,” the hacker said, according to Cybernews. “It was so easy to gain access to these systems. They shouldn’t be there unauthenticated. That’s a serious security breach of assets right there. I didn’t need anything to get it, really.”
VNC is a type of remote-control software that lets users control computers over a network connection from a distance. Users generally rely on VNC to access their work computer from home or allow support agents to help them with technical issues.
Although VNC offers plenty of security settings, sometimes system administrators overlook them and leave open ports with disabled authentication. This invites a broad range of potentially disastrous attacks, such as theft of sensitive files, setting up backdoors, deploying malicious payloads, installing remote access Trojans, spying on other devices on the network, or wiping the targeted devices clean.
In this case, the hacker didn’t mean to harm the organization and allegedly only took a few screenshots of the compromised system as proof. Users should practice good cyber hygiene, especially while using remote-desktop connection services such as VNC.
- Use multi-factor authentication (MFA) for VNC servers
- Review connection logs on a regular basis
- Enable screen blanking on Windows computers
- Only allow trusted people to connect to your VNC server
- Set a complex, unique password for your VNC server and replace it frequently