The National ATM Council recently reported on several recent cyber-attacks targeting ATM operators. Genmega and Hyosung have been working directly with the FBI and Secret Service to combat the attacks, in which criminals are “modifying terminal settings to replace the legitimate ATM host processor with a fraudulent server to falsely authorize high-dollar withdrawal transactions.” This is known as jackpotting and is not restricted to any particular manufacturer or model.
The ATM companies’ chief revenue officer Wes Dunn (Genmega) and chief operating officer Nancy Daniels (Hyosung) strongly recommend the following actions to protect your fleets:
-
Of utmost importance, ensure RMS software is protected with proper IT and network security, such as running behind a tightly configured firewall.
-
Change all default or easily guessed passwords used to gain access to ATM configuration settings. Never write down the password on or in the ATM (even inside the cabinet).
-
Change all passwords on RMS software, both for workstations and databases.
-
Enable TLS communications between the ATM and the host processor. Recent software releases enable TLS by default, but older software or misconfiguration may result in TLS being disabled.
