Michael Graham is the Vice President of Retail Solutions & Strategy for Hyosung. In this role, he helps retail customers make decisions about transformation products and unlock the value of those investments. Prior to joining Hyosung, Michael worked at Wells Fargo Bank in both the Retail Banking and Technology business units, developing and implementing many transformative solutions and products.


Key takeaways:

  • Uptick in ATM Jackpotting attacks.
  • Malware, black box and Man-in-the-Middle attacks reported in multiple states and across multiple ATM manufacturer brands.
  • Hyosung recommends enabling TLS encryption and/or Message Authentication Codes to further protect your ATMs from Jackpotting attempts.

Hyosung is aware of a recent increase in Jackpotting attempts in the US, as reported by the US Secret Service.

These attacks include traditional malware, black box and man-in-the-middle (MITM) attacks across multiple ATM brands in multiple states. The attacks are believed to be committed by several criminal groups that are considered to still be in the US and that are expected to continue their attempts on ATMs.

Hyosung’s position is that all ATMs are vulnerable to MITM attacks. To help prevent such attacks, Hyosung strongly recommends enabling TLS (Transport Layer Security) with TLS certificate validation and/or enabling message ‘MACing’ (Message Authentication Codes) if it is supported by your NDC Host. Hyosung also recommends ensuring the latest firmware and software updates are installed on your ATMs.
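The following is an added example, not Hyosung's code and not the NDC MAC format: it shows how a MAC lets the receiving side reject a host reply that was altered or had its MAC removed in transit. HMAC-SHA-256, the demo key, the field names and the separator are all assumptions made for illustration.

```python
from __future__ import annotations
import hashlib
import hmac

FS = b"\x1c"            # field separator in this constructed layout (assumption)
TAG_HEX_LEN = 64        # HMAC-SHA-256 tag, hex encoded
KEY = bytes(range(32))  # constructed demo key; real keys are provisioned securely
REPLY = [b"TXN-REPLY", b"TERMINAL=000", b"SEQ=0042", b"NOTES=02"]  # constructed


def build_message(key: bytes, fields: list[bytes]) -> bytes:
    """Sender side: append a MAC computed over every field of the message."""
    body = FS.join(fields)
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + FS + tag


def verify_message(key: bytes, message: bytes) -> list[bytes] | None:
    """Receiver side: return the fields only if the MAC is present and valid."""
    body, sep, tag = message.rpartition(FS)
    if not sep or len(tag) != TAG_HEX_LEN:
        return None  # MAC missing or truncated: reject, never fall back
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return None  # any change to any field invalidates the MAC
    return body.split(FS)


def demo() -> dict[str, list[bytes] | None]:
    genuine = build_message(KEY, REPLY)
    altered = genuine.replace(b"NOTES=02", b"NOTES=40")  # changed in transit
    stripped = genuine.rpartition(FS)[0]                 # MAC field removed
    return {
        "genuine": verify_message(KEY, genuine),
        "altered": verify_message(KEY, altered),
        "stripped": verify_message(KEY, stripped),
        "wrong_key": verify_message(b"\x00" * 32, genuine),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10s} -> {'accepted' if result else 'rejected'}")
```

The receiver must treat a missing MAC as a failure; if unauthenticated messages are still accepted, enabling MACing on the host gives no protection.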

For the host connection:

  • Beginning with BlueVerse Embedded (MoniPlus2CE) V06.03.00 WinCE6/7, TLS/Certificate Validation is enabled by default.
  • For BlueVerse Global and BlueVerse XTM (NBS), TLS/Certificate Validation is not enabled by default, but customers are strongly encouraged to enable it.

In addition, for both BlueVerse Embedded and BlueVerse XTM, MACing should be enabled.

  • For customers using BlueVerse Fleet (MoniManager) or BlueVerse Fleet Lite (MoniView), best practice is to secure these channels using TLS/Certificate Validation.
  • By default, the connection between BlueVerse Fleet and BlueVerse Global/BlueVerse XTM uses TLS/Certificate Validation. In addition, Managed Services uses an encrypted VPN connection to the Cloud.

Instructions for configuring TLS secure communication with the NDC host can be found in the MoniPlus2 Operator Program Manual and are referenced in Hyosung Technical Bulletin ‘Secret Service Alert #24-006-I’ released June 7, 2023.

Customers should work with their NDC host to ensure these steps are achievable and implemented correctly.

For additional questions regarding protections that support your ATMs, please contact your Hyosung Sales leader or Authorized Hyosung Reseller.

Sources: United States Secret Service; NAC Conference & Exp (natmc.org)
