This is an official email received by NAC (National ATM Counsel) on 8/19/24.
Please note that this security bulletin effects ATM companies who utilize RMS software and who have not changed the default passwords.
Please be aware- if you are a Best Products customer- this should not effect you- unless you are utilizing your own RMS software and have default passwords.
Critical Hyosung & Genmega ATM Security Directive
In collaboration with the FBI and Secret Service, Genmega and Hyosung have become aware of several recent cyber-attacks specifically targeting ISO and IAD ATM operators. Criminals are modifying terminal settings to replace the legitimate ATM host processor with a fraudulent server to falsely authorizing high-dollar withdrawal transactions to empty significant amounts of cash from the ATM (aka jackpotting). This is not restricted to any manufacturer or model type.
The cyber-attacks are varied in nature and law enforcement has seen attacks that start with local, physical access of the ATM and attacks on the ATM remote management systems (RMS). The use of default or easily guessed passwords (such as 111111) are common and provide criminals straightforward access to change configuration settings directly on the ATM. Similarly, criminals are probing the internet for exposed RMS servers and using default passwords to remotely change settings.
Hyosung and Genmega strongly recommend the following actions to protect your fleets:
- Of utmost importance, ensure RMS software is protected with proper IT and network security, such as running behind a tightly configured firewall.
- Change all default or easily guessed passwords used to gain access to ATM configuration settings. Never write down the password on or in the ATM (even inside the cabinet).
- Change all passwords on RMS software, both for workstations and databases.
- Enable TLS communications between the ATM and the host processor. Recent software releases enable TLS by default, but older software or misconfiguration may result in TLS being disabled.
ATM crime is a threat to our industry, regardless of robbery, theft, or cyber-attacks. Genmega and Hyosung will continue to collaborate with law enforcement and between our companies to advance security and legislation to deter criminal behavior. For further information please contact the respective support organization for assistance.
Sincerely,
Wes Dunn
Chief Revenue Officer
Genmega
Nancy Daniels
Chief Operating Officer
Hyosung
STAY IN THE LOOP
Subscribe to our free newsletter.
Owning your own ATM and offering your customers a variety of payment choices can be a game-changer for your business. When you have an ATM on-site, it provides convenience for your customers who need cash quickly, making your business a go-to spot. People appreciate the ability to get cash without having to go out of
Starting an ATM business can seem like an easy way to make money without much effort. The idea is simple: place an ATM in a busy location, collect surcharge fees, and earn a steady income. However, the reality is a bit more complex. 1. False Expectations The idea of making money while doing nothing is
I often get asked, “Why do you always pay with cash?” People suggest “Just use your credit card. It’s easier,” or they say my personal favorite, “You’re missing out on reward points.” Here’s why I stick to cash: Many people believe credit cards offer more buying power. Heck there have been TV series touting this
As we move further into 2024, ATM technology is evolving rapidly, bringing significant benefits to both businesses and consumers. Innovations in security, convenience, and efficiency are transforming how we interact with ATMs. Here are the top trends to watch in ATM technology this year, with Near Field Communication (NFC) leading the way. Near Field Communication
