DETECTION OVERVIEW

Unconventional VNC Behavior

Risk Factors

The VNC desktop-sharing system is a common target for attackers because VNC provides remote access to other devices over the Remote Frame Buffer (RFB) protocol. Attackers can find weak VNC passwords with low-cost techniques such as brute force attacks. If an attacker has credentials for several devices on the network, they can easily open multiple VNC connections from a single device to control many devices on the network.

The system might change the risk score for this detection.

Kill Chain

Exploitation

Risk Score

Attack Background

Mitigation Options

Disable VNC access where unless required

Limit the number of VNC login attempts and then block IP addresses that exceed this number

Disable guest access to prevent anonymous users from establishing VNC connections without a password

Enable encryption to prevent exposure of plaintext credentials

Modify VNC permissions to only allow connections from trusted devices

MITRE ATT&CK ID

T1021.005
T1219

Professional Services

Partners

Partner Login

Partner Finder

View All Use Cases

View All Industries

View All Integrations

Attack Background

Mitigation Options

MITRE ATT&CK ID

What else can RevealX do for you?

View our Periodic Table of use cases