Protecting Your ATM Network from RMS Jackpotting Attacks

In recent years, independent ATM deployers across the United States have faced increasingly sophisticated threats targeting their machines. While traditional jackpotting techniques have been documented for some time, a new and alarming trend has recently emerged: Remote Management System (RMS) attacks. This is a critical vulnerability and ATM operators must act fast to protect their assets and their customers.

The Growing Threat of Digital Attacks and ATM Jackpotting

ATM jackpotting has evolved significantly from its early days. Modern criminals have developed sophisticated methods to intercept communications between ATMs and their processors. These attacks can take several forms, including compromising network devices, installing malicious software (malware) on machines, or even physically tapping into the ATM’s communication lines.

What makes these attacks particularly dangerous is their ability to bypass traditional security measures. Even machines with strong physical protection can be vulnerable to digital attacks, which often provide few indicators of attack until it’s too late.

The Dangerous New Frontier: RMS Jackpotting

The latest evolution in jackpotting techniques targets the ATM’s Remote Management System (RMS), with devastating results. In the past few weeks alone, RMS-based jackpotting attacks have allowed criminals to steal hundreds of thousands of dollars from multiple ATM operators across the country.

What sets these attacks apart is their scale. Rather than targeting individual machines, criminals leverage their access to the RMS to locate all ATMs associated with a single deployer. This allows them to orchestrate coordinated attacks on multiple machines quickly and efficiently. Often, criminals using RMS access are able to empty dozens of ATMs hours before the breach is detected.

Understanding RMS Attacks

RMS attacks typically begin with a man-in-the-middle attack where criminals intercept the ATM’s communications. This is accomplished through:

1. Compromising network devices or installing malware that can capture and relay communications.
2. Spoofing IP addresses to gain unauthorized access to the network infrastructure.
3. Hacking into the remote management system itself.

Once inside the RMS, criminals can comprehensively view the operator’s entire ATM network. This allows them to identify, control, and target any machine connected to the system, maximizing their potential take before detection.

Essential Security Measures to Prevent RMS Jackpotting

To protect your ATM network from these devastating attacks, it is recommended that ATM deployers implement these critical security measures:

1. Conduct a Thorough Security Audit – Perform a comprehensive audit of your current RMS servers and all connected devices, including:

   • ATM terminals

   • Mobile phones used for management

   • Laptops and desktops with access to the system

This audit should identify all potential vulnerabilities and access points to your network.

2. Update your RMS Software – Download and implement the latest RMS software from your ATM manufacturer(s), as these updates often include critical security patches. Ensure your ATMs remain secure by installing the updated RMS software for both Hyosung and Genmega. For personalized guidance or help with installation, feel free to contact NationalLink’s tech support team.

3. Implement Hardware-Based Firewalls – A commercial-grade, hardware-based firewall provides essential protection for your network. While these typically cost between $1,000-$4,000, this investment is minimal compared to potential losses from a successful jackpotting attack. Once installed, take extra precautions or hire an IT expert to ensure your firewall is properly configured and secure.

4. Enable Software-Based Firewalls – In addition to hardware protection, enable software-based firewalls on all connected devices:

• Enable the firewall include in your Microsoft operating system

• Ensure all Windows security updates are installed

• Consider implementing additional software-based firewalls for enhanced protection

• Apply this process to all endpoint devices including mobile phones, laptops, desktops, and ATM terminals

5. Implement Standard ATM Security Measures – Don’t overlook the basics. Be sure your business is following other recommended processes and procedures, including:

• Update all default passwords with strong, unique alternatives

• Replace default ATM locks with more secure, custom options

• Secure all potential physical access points on your machines

Professional Support for ATM Security

By implementing these security measures, independent ATM deployers can significantly reduce their risk of falling victim to RMS jackpotting attacks and protect their assets and reputation in an increasingly challenging security landscape.

Protecting your ATM network requires vigilance and expertise – now more than ever. NationalLink can help evaluate your vulnerabilities and secure your network against these sophisticated RMS attacks. Contact us today to ensure your ATM fleet remains protected against the latest jackpotting techniques.