Recent findings by Forescout reveal that numerous internet-facing VNC and RDP servers pose a substantial risk to industrial control systems (ICS) and operational technology (OT). The study highlights the potential exposure of these critical systems to cyber threats.
Remote Access Servers: A Growing Concern
Remote Desktop Protocol (RDP) and Virtual Network Computing (VNC) are essential tools for remote access, yet exposing them directly to the internet remains a critical security issue. Forescout’s research indicates that approximately 1.8 million RDP and 1.6 million VNC servers are publicly accessible, predominantly in China and the United States. Although a large number of these are honeypots or are managed by ISPs and hosting providers, a significant portion, namely 91,000 RDP and 29,000 VNC servers, are linked to specific sectors.
Industries at Risk
The study identifies that exposed servers are prevalent in industries such as retail, education, services, manufacturing, and healthcare. Alarmingly, many of these servers operate on outdated Windows versions susceptible to vulnerabilities like BlueKeep, which has been previously exploited by diverse threat actors. Moreover, nearly 60,000 VNC servers lack authentication safeguards, with 670 providing direct access to ICS/OT interfaces, heightening security concerns.
Cybersecurity Threats and Incidents
Access to these cyber-physical systems is highly valuable to attackers. Past incidents involve Russia-linked groups targeting OT systems through VNC, as noted by government agencies in December 2025. The Infrastructure Destruction Squad, known for developing scanning tools for RDP, VNC, and OT protocols, shared instances of compromised systems, including a groundwater pumping station in Israel and a control system in Turkey. Between these attacks, the group advertised access to a SCADA system in Czechia.
In addition to these targeted attacks, cybercriminals frequently exploit RDP for ransomware deployment. Separately, the Redheberg botnet has affected nearly 40,000 VNC servers since February.
Mitigation Strategies
Organizations can mitigate these risks by implementing secure remote access solutions tailored for sensitive cyber-physical systems. This approach is vital to safeguard against potential exploitation and ensure the security of critical infrastructure.
Overall, the exposure of VNC and RDP servers to the internet underscores the importance of robust cybersecurity measures to protect industrial and operational technologies from evolving threats.
