(TLP:CLEAR) Forescout Reports Risk to ICS/OT Environments by Exposed Remote Access Services (RDP & VNC)
Created: Thursday, April 30, 2026 - 14:26
Categories: Cybersecurity, OT-ICS Security, Security Preparedness
Summary: On Tuesday, Forescout released a blog post highlighting widespread exposure of remote access services, including Remote Desktop Protocol (RDP) and Virtual Network Computing (VNC), across internet-facing environments. Researchers identified over 1.8 million RDP and 1.6 million VNC servers exposed globally, with tens of thousands mapped to specific industries, including utilities. Notably, hundreds of exposed VNC servers provide direct access to ICS/OT systems, in some cases without authentication, significantly increasing the risk of unauthorized access and operational disruption.
Analyst Note: This reporting reinforces a consistent and well-documented risk to the water sector: insecure remote access pathways into operational environments. The exposure of RDP and VNC services, particularly those lacking authentication or running unsupported systems, creates a direct avenue for threat actors to access and interact with ICS/OT assets. These weaknesses are not theoretical; threat actors, including hacktivists and ransomware actors, are actively scanning for and exploiting exposed systems, and some groups are developing tools specifically designed to identify and access OT environments.
For water utilities, the implications are significant. Remote access technologies are often necessary to support distributed infrastructure, third-party maintenance, and operational continuity. However, when improperly secured or directly exposed to the internet, these same technologies can provide adversaries with a foothold into critical systems. The presence of legacy systems, weak authentication practices, and limited visibility into remote sessions further amplifies this risk.
WaterISAC encourages members to restrict direct internet exposure of RDP and VNC services, implement strong authentication controls, and adopt secure remote access solutions that provide visibility, session control, and least-privilege access. Strengthening these controls remains a critical step in reducing the likelihood of unauthorized access and protecting operational resilience.
Fundamental 2 “Minimize Control System Exposure” from WaterISAC’s 12 Cybersecurity Fundamentals for Water and Wastewater Utilities provides utilities with guidance and resources to help address this critical risk to the sector.

Original Source: https://www.forescout.com/blog/rdp-security-cps-threats-spark-need-for-secure-remote-access/
Related WaterISAC PIRs: 6, 8, 10, 12
