Hyosung and Genmega Recommend Actions to Protect Your ATMs
In collaboration with the FBI and Secret Service, Genmega and Hyosung have become aware of several recent cyber-attacks specifically targeting ISO and IAD ATM operators. Criminals are modifying terminal settings to replace the legitimate ATM host processor with a fraudulent server to falsely authorizing high-dollar withdrawal transactions to empty significant amounts of cash from the ATM (aka jackpotting).
This is not restricted to any manufacturer or model type. The cyber-attacks are varied in nature and law enforcement has seen attacks that start with local, physical access of the ATM and attacks on the ATM remote management systems (RMS). The use of default or easily guessed passwords (such as 111111) are common and provide criminals straightforward access to change configuration settings directly on the ATM. Similarly, criminals are probing the internet for exposed RMS servers and using default passwords to remotely change settings.
Hyosung and Genmega strongly recommend the following actions to protect your fleets:
- Of utmost importance, ensure RMS software is protected with proper IT and network security, such as running behind a tightly configured firewall.
- Change all default or easily guessed passwords used to gain access to ATM configuration settings. Never write down the password on or in the ATM (even inside the cabinet).
- Change all passwords on RMS software, both for workstations and databases.
- Enable TLS communications between the ATM and the host processor. Recent software releases enable TLS by default, but older software or misconfiguration may result in TLS being disabled.
| ATM crime is a threat to our industry, regardless of robbery, theft, or cyber-attacks. Genmega and Hyosung will continue to collaborate with law enforcement and between our companies to advance security and legislation to deter criminal behavior. For further information please contact the respective support organization for assistance. Sincerely, |