Hyosung has released the important notice shown below to alert ATM Nation about a serious new ATM cyber jackpotting threat that has just emerged in two separate states in the southeast.
As noted by Hyosung, a breach of several terminals has already occurred – and all ATM Operators need to ACT NOW to protect their routes from similar exposure and loss!
Please be certain to promptly follow all the Hyosung recommended precautions – and contact your ISO or Hyosung Sales Manager ASAP with any questions.
Below the Hyosung alert NAC is also providing additional important guidance shared by former longtime NAC Board Member and President of SwypCo ATM Solutions, Tim Baxter, in order to help you properly implement the applicable "fix" to address this specific exposure.
New Retail Jackpotting Activity Advisory
Hyosung was recently made aware of a small number of jackpotting incidents involving Hyosung Retail ATMs. While jackpotting efforts are rarely successful, we are working with local law enforcement and the U.S. Secret Service regarding certain specific incidents where two different types of jackpotting events appear to have been successful.
In one of these events, a CDU security option, CDU Binding, was not enabled on the machine. In a separate event, SSL was not enabled on the ATM.
For protection against outside attempts to install potentially harmful devices and applications on your ATM, we strongly recommend to all of our customers to:
Enable the CDU Binding option on all of their WinCE 6.0 and WinCE 7.0 Retail ATMs
Enable SSL/TLS Encryption with Certificate Validation enabled on each ATM, which is different from only having SSL enabled on a wireless modem
Install the latest software updates as released by Hyosung
At Hyosung, we are committed to the safety and security of all our ATMs. As part of our ongoing vigilance, we routinely release software upgrades and related modifications that ensure Hyosung ATMs stay ahead of potential risks and respond to emerging threats. In addition to software updates, we highly recommend that ATM operators use all security features available.
It is vital these software updates are installed quickly after release as they likely contain enhanced security to address recent attack vectors.
While overall risks of card skimming and physical attacks have been declining in recent years, jackpotting attempts appear to be increasing. A recent report by the Federal Reserve Bank of Atlanta’s Retail Payments Risk Forum provided an overview of helpful steps that all ATM operators should follow:
“As with all computerized devices, ATM owners should always install software updates and patches as soon as possible since they often address known security vulnerabilities. Likewise, owners should change factory-set passwords for software immediately upon installation of the software. Owners should place surveillance cameras, if they use them, to get good viewing angles of people at the front and rear of the machine. They should monitor access control to determine whether an ATM cabinet has been opened because of a legitimate service need.”
If you have any questions, please contact your Hyosung Sales Manager.
- Your Hyosung Security and Fraud Team -
ADDITIONAL GUIDANCE & INFORMATION:
Along with providing the above linked PDF that lists the steps to enable CDU Binding, Tim Baxter has also provided an instructional video linked below. Although Tim does not claim to be an expert on the CDU Binding procedure, through detailed discussions following the Hyosung alert he has learned of certain key technical aspects of this preventative safety procedure that are essential to know in advance, and warrant further clarification, as follows:
1) Key Principle: Once you "bind" a CDU to a Hyosung ATM terminal, the Main Board and CDU Board are then bound to one another.
2) If you have to remove a CDU that is bound to your ATM and replace with another CDU, you will need to bind the newly installed CDU to your ATM upon installation.
3) If you remove a bound CDU from one ATM and move that CDU to another terminal, you will need to unbind the CDU before removal and then re-bind it to the new terminal in which it is then installed into.
4) Hyosung software version 06.02.10 will not automatically enable binding when you load it into an active ATM. You will need to Enable that feature. Your newly purchased ATMs which arrive with this version of software factory-loaded will have CDU Binding already enabled.
Please click below to see Tim’s video, walking you through the steps required to enable CDU Binding on your applicable ATMs:
Unfortunately, the CDU Binding feature cannot be enabled on Hyosung 1800 and 5000CE ATMs models, and these terminals will need to be retired or if left in service be subject to the jackpotting exposure noted above in the Hyosung Advisory.
WE APPRECIATE YOUR ATTENTION TO THIS IMPORTANT INFORMATION & HOPE IT HELPS KEEP YOUR ATMs SAFE FROM THIS LATEST CYBER THREAT!