Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
The VNC desktop-sharing system is a common target for attackers because VNC provides remote access to other devices over the Remote Frame Buffer (RFB) protocol. If an attacker gains access to a poorly-secured VNC device, they can easily transfer data. Unusual data transfers can be associated with risky activity such as sharing malicious files between compromised devices or data staging. Data staging is the process of collecting and preparing data for exfiltration. Depending on the sensitivity of the transferred files, the impact can be devastating if important, proprietary, or customer data is leaked.
The system might change the risk score for this detection.
Kill Chain
Risk Score
60
N/A
Disable VNC access unless required
Implement strict rules for outbound traffic on devices that contain valuable data
Track suspicious activity by implementing strict audit controls on important documents
Disable guest access to prevent anonymous users from establishing VNC connections without a password
Enable encryption to prevent exposure of plaintext credentials
Modify VNC permissions to only allow connections from trusted devices
