
RMS REMOTE JACKPOTTING

STILL HAPPENING

NAC has learned of costly criminal RMS jackpotting attacks once again targeting Retail ATMs in diverse areas of the country.

TO PROTECT YOUR ROUTE AGAINST RMS-BASED JACKPOTTING AND AVOID SIGNIFICANT MONETARY LOSS, IT IS IMPERATIVE FOR ALL U.S. ATM DEPLOYERS WHO USE RMS SOFTWARE AND SYSTEMS TO ONLY RUN THE MOST RECENT SOFTWARE VERSIONS – ON THEIR ATM TERMINALS AND RMS SERVER(S) – AND TO FOLLOW ALL SECURITY RECOMMENDATIONS FROM HYOSUNG AND GENMEGA. 

UNLESS YOU ARE USING THE LATEST RMS SOFTWARE AND OPERATING IN COMPLIANCE WITH MANUFACTURER SECURITY RECOMMENDATIONS, YOU ARE PLACING YOUR ATM COMPANY AT SERIOUS FINANCIAL RISK.

If you have not already done so, DOWNLOAD THE NEWEST RMS SOFTWARE VERSIONS ASAP for both your RMS Server(s) and ATM Terminals. The latest versions are vital to protect your route against RMS-based jackpotting; every day spent on an older version is exposure to a very significant potential dollar loss.


BOTH RMS Server AND Terminal Software updates are Required.

Only Updating the RMS Server Software Alone Will NOT Protect You.


Please contact your Hyosung / Genmega vendor/distributor TODAY – and make certain you have the correct software versions loaded on both your RMS Server(s) and ATM Terminals to protect against this terrible jackpotting scam.



Conduct a Security Audit

PRIOR TO DOWNLOADING ANY NEW RMS SOFTWARE, it is of the utmost importance that ATM deployers first have a qualified ATM / IT / Security specialist conduct a thorough audit, review and cleanup of your RMS server(s), desktops, laptops, mobile phones, and ATM terminals, to confirm that no malware is already present on any of these systems or devices. If you skip this step, an attacker who already has a foothold keeps it, and your subsequent fixes and updates may be ineffective.

As part of this IT Security Audit, it is also very important to have an advanced “Commercial Grade” hardware-based firewall in place, behind which all your RMS Servers/CPUs and other sensitive ATM hardware / devices / systems reside and are protected.

Steps to Protect Against RMS Jackpotting

To ensure the safety and security of your ATM route, under guidance from your IT expert, take the following steps to protect against RMS-based jackpotting attacks:


1. DOWNLOAD THE LATEST MANUFACTURER SOFTWARE into your ATMs and RMS Server(s).


2. INSTALL A PHYSICAL COMMERCIAL GRADE HARDWARE-BASED FIREWALL (a separate standalone “box”) in front of your RMS Server(s) / CPU(s), properly configured and secured, using US-branded chips only (no Huawei chips from China). Your RMS server(s) / CPU(s) / router(s) and all other sensitive ATM systems / software / hardware / data must sit behind it.


A commercial grade firewall, designed for small or medium sized businesses, will cost between $1-4K. While this is not an inexpensive purchase, it is absolutely necessary to operate RMS safely on your route – and well worth the investment to avoid a major dollar loss.


Your firewall configuration should allow RMS traffic only to / from the static IP addresses of your designated / approved ATMs, and only on the port(s) the RMS service actually uses. All other inbound connections to the RMS server(s) should be denied by default; ideally no other external connection reaches the RMS server(s) at all.


3. IN ADDITION, REGARDING INSTALLATION OF SOFTWARE-BASED FIREWALLS, YOU SHOULD:


(a) Enable the software-based firewall that is included in your Microsoft operating system on the server(s) / CPU(s) running your RMS software(s). Please ensure all your server(s) / CPU(s) are running the latest version of Windows WITH all the latest security updates in place. 


(b) Download and enable an additional software-based firewall onto those server(s) / CPU(s) running your RMS software(s). 


(c) Download and enable Microsoft + additional software-based firewalls on all other relevant end point devices (phones / tablets, etc.). 


Need to Run Remote Access to RMS Servers?

If you are required to utilize any remote access to your RMS Server(s), this should ONLY be done in conjunction with using a dedicated VPN connection and not using any open internet/wi-fi connection. 


Allowing multi-party access to your RMS system presents a significant security risk. In order to avoid this major potential exposure, such configurations will require immediate consultation with a qualified network security specialist regarding necessary use of VPNs, additional firewall(s), etc., in order to be safe.


4. CHANGE ALL YOUR DEFAULT PASSWORDS (for RMS and all other ATM operational systems / databases) on both your ATM terminals and servers / computers / phones. Each password should be at least ten characters long and a random, not easily guessed, mix of capitalized and lower-case letters / numbers / symbols, and no two systems should share one. Do this now / ASAP, and then change yearly.


Do not write these passwords down anywhere on / in / around your ATMs in the field – and record them nowhere other than in an access-controlled location behind your firewall (for example, a password manager). Change them at least once a year, and immediately in the event of any compromise.


5. FULLY ENABLE TLS COMMUNICATIONS between your ATMs and host processor(s). Check with your ATM and modem providers for details on steps required. Older software versions or inadvertent misconfigurations in loading the software may result in TLS being disabled or not working properly.


6. CHANGE LOCKS. Work with a lock company to change the core lock from the manufacturer default so that fascia and cabinet access is under your control.


7. SECURE COMMUNICATIONS. Secure your communications boxes and routers, either inside the cabinet or in a controlled environment, so they are not visible or accessible to the general public.


8. CHECK WITH YOUR INSURANCE AGENT on your current cybercrime coverage, if any, and what coverage(s) may be available to you in the marketplace.
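As an added example for steps 2, 3(a) and the remote-access note above (this is not NAC's, Hyosung's or Genmega's own configuration), the following PowerShell script applies the same allow-list idea to the built-in Windows firewall on an RMS server: inbound traffic is denied by default, the RMS port is reachable only from the approved ATM static IP addresses, and, where remote administration is unavoidable, Remote Desktop is reachable only from the dedicated VPN's address range. The ATM addresses, the RMS port number and the VPN subnet are placeholders (assumptions); take the real values from your route's records and from the manufacturer's RMS documentation. Run it from an elevated PowerShell prompt on the RMS server itself; it does not replace the separate hardware firewall in step 2.

```powershell
# Added example: lock the Windows host firewall on an RMS server down to the
# approved ATM static IPs. Not vendor code. Run from an elevated prompt.

# ASSUMPTION: your approved ATM static IP addresses (RFC 5737 documentation
# addresses are used here as placeholders; replace with your route's real ones).
$ApprovedAtmIPs = @('203.0.113.10', '203.0.113.11', '198.51.100.25')

# ASSUMPTION: the TCP port your RMS server listens on. The advisory does not
# state it; take the value from your Hyosung / Genmega RMS documentation.
$RmsPort = 12345

# ASSUMPTION: the address range your dedicated VPN assigns to administrators.
# Set to $null if nobody is allowed to administer the server remotely.
$VpnAdminSubnet = '10.8.0.0/24'

# Step 3(a): firewall on for every profile, inbound blocked unless a rule allows it.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow

# Remove any earlier copy of our rules so the script can be re-run safely.
Get-NetFirewallRule -DisplayName 'RMS-*' -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# Step 2 / allow-list: RMS port reachable only from the approved ATM addresses.
New-NetFirewallRule -DisplayName 'RMS-Allow-Approved-ATMs' `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort $RmsPort `
    -RemoteAddress $ApprovedAtmIPs -Profile Any | Out-Null

# Remote access only over the dedicated VPN: turn off the stock "Remote Desktop"
# rules (which accept RDP from anywhere once RDP is enabled) and allow TCP 3389
# solely from the VPN administrator subnet.
Disable-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
if ($VpnAdminSubnet) {
    New-NetFirewallRule -DisplayName 'RMS-Admin-RDP-VPN-Only' `
        -Direction Inbound -Action Allow -Protocol TCP -LocalPort 3389 `
        -RemoteAddress $VpnAdminSubnet -Profile Any | Out-Null
}

# Show what is now in force so it can be checked against the plan.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
Get-NetFirewallRule -DisplayName 'RMS-*' | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    '{0}: {1} TCP/{2} from {3}' -f $_.DisplayName, $_.Action,
        $port.LocalPort, ($addr.RemoteAddress -join ', ')
}
```

Two points worth knowing before adapting this. First, the Windows firewall evaluates Block rules before Allow rules regardless of order, so do not add a blanket "block the RMS port from Any" rule as belt-and-braces; it would also block your own ATMs. The default inbound Block set on the profiles is what denies everything the allow rules do not cover. Second, if an ATM is on a dynamic address, the allow-list cannot work for it; the advisory's requirement for static ATM addresses is what makes this rule possible.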

If You Experience an Attack

If your company experiences an RMS jackpotting attack, in addition to already having taken the above steps it is imperative to immediately take the following additional remediation steps:


  • Suspend use of and disconnect your RMS server(s) from the network, but do not wipe or rebuild them until the evidence has been preserved.
  • Speak with your ISO / manufacturer / distributor to let them know what's occurred and for advice on specific recommended remedial steps.
  • Have an IT / ATM security specialist check your server(s) / computers / software files to identify and remove any malware and restore a clean environment.
  • Speak with local law enforcement to report the specifics of the incident. Be sure to use the term “RMS Jackpotting” in your written police report.
  • Speak with your local / regional US Secret Service and FBI offices and indicate it was an “RMS Jackpotting” attack in your incident reports.
  • File an incident report with NAC's new US SecureATM Database: https://secureatm.us/#report-incident
  • Contact your insurance agent to determine whether any insurance benefits may be available.


If NAC can be of any other assistance on these vital matters, as always, please do not hesitate to reach out for assistance. However, given the highly technical and company-specific nature of the issues involved, if you do have specific equipment or software related questions, you are encouraged to contact your ISO / manufacturer / distributor directly for the most expeditious and effective advice and guidance.


Please Stay Safe!

Your NAC Staff


ABOUT NAC

The National ATM Council, Inc. is a not-for-profit national trade association dedicated to ethically and effectively representing the business interests of ATM Owners, Operators and Suppliers in their efforts to provide safe, secure and convenient delivery of cash to consumers throughout the United States. 

https://www.natmc.org/
