👇 A new article has been released on cybernews 👇
READ HERE:
🦾 Welcome our first AI-generated spokesperson, let us know your thoughts down in the comments!
About us: our dedicated team of security researchers and investigative journalists regularly delves into previously unexplored depths of online security and privacy in order to shed light on stories that often have an unseen influence on the online world at large. A number of our investigations and reports have been featured by industry-related publications and global news leaders like Forbes, PC mag, Techradar.
——————————————————————————–
In mere seconds, a hacker remotely accessed a computer belonging to a regional Ministry of Health in Russia, taking advantage of sloppy cybersecurity practices to expose its entire network.
——————————————————————————–
Spielerkid89, who wished to remain anonymous, did not intend to harm the organization and left its systems intact. However, his experiment is a perfect example of how poor cyber hygiene can leave organizations vulnerable to cyber attacks.
Russian state-sponsored cyber attacks can be devastating and leave hundreds of thousands of the Kremlin’s foes without water or electricity.
However, evidence suggests that the rogue superstate’s cyber capabilities are as weak as its military stance in Ukraine, especially when met with resistance.
An army of pro-Ukrainian hactivists has already demonstrated how easy it is to take vital Russian services offline or intercept them with anti-war messages.
No wonder Russia has been preparing to cut itself off from the global internet, hoping to move key government institutions to a sovereign Runet – a pan-Russian web limited to the Federation – to make them less prone to cyber attacks.
Spurred into action by the invasion of Ukraine, Spielerkid89 decided to investigate whether he could find Russian IPs with disabled authentication to fool with. By using the Shodan search engine, Spielerkid89 soon discovered an open virtual network computing (VNC) port with disabled authentication.
VNC is a desktop sharing system – you can use it to remotely access your work computer from home or any other location, or allow technical support staff to do likewise.
Ideally, VNC should be used only with authenticated users, such as system administrators. Nobody should access a computer without being properly vetted, but that seems to be a security issue that is often overlooked.
As a result, Spielerkid89 connected to a computer belonging to the Ministry of Health in the Omsk region of Russia. To remotely access a ministry employee’s desktop, the hacker didn’t need any password or authentication – he could access all the files and information on that computer via an open VNC port.
“I was able to access people’s names, other IP addresses pointing to other computers on the network, and financial documents, too,” he said.
The Cybernews research team confirmed that Spielerkid89 did indeed gain access to a computer belonging to this Russian ministry. As mentioned above, it was not his intention to harm the organization, and he left its systems intact.
Spielerkid89 is not a threat actor, and he didn’t harm the organization – he simply took a few screenshots as proof.
However, his experiment illustrates how easy it is for a malicious hacker to breach an organization. By remotely accessing a computer via an open VNC port with disabled authentication, a criminal could download sensitive files, spy on other computers or servers in the network, set up services to create a backdoor, install malware, remote access Trojans, among other things.
“You can do anything you want, basically with full, unfettered access,” Spielerkid89 explained.
He added that open VNC ports with disabled authentication are common cybersecurity malpractice.
“It was so easy to gain access to these systems. They shouldn’t be there unauthenticated. That’s a serious security breach of assets right there. I didn’t need anything to get it, really,” he said.
The port he used to gain entry and snoop around the Omsk ministry is now closed. However, VNC and the remote desktop protocol (RDP) remain one of the main entry points into an organization.
Keep up to date with the latest news:
➡️ Visit our site
➡️ Facebook
➡️ Twitter
➡️ #cybernews #TechNewsByAI #cybernewsByAI
