One of the world’s leading cash management service providers has today (April 30) issued an urgent warning for ATM owners following a surge in cyber attacks.
Hyosung Americas is urging owners to apply critical software patches to protect their machines.
“Regular security updates and adherence to best practices are not optional in today’s environment. They are essential protective measures against increasingly sophisticated criminal activities,” says Nancy Gail Daniels, COO of Hyosung Americas.
The warning comes after a surge in cyber incidents targeting Remote Management Software (RMS), first detected in September 2024, which is used to control and monitor ATMs. These vulnerabilities have been exploited by criminals, allowing unauthorised access and control over machines.
Despite Hyosung’s release of a patch in late 2024, many ATMs remain unprotected as owners fail to implement the necessary updates.
The growing cyber threat follows a series of high-profile attacks across the financial sector. Recent incidents include jackpotting attacks, where cybercriminals use malware to force ATMs to dispense cash. According to the US Secret Service, more than 300 jackpotting attacks occurred in 2024 alone. Additionally, data breaches in cryptocurrency ATMs and ransomware attacks on financial institutions have underscored the escalating risks in the payment sector.
Critical Security Steps for ATM Owners
Hyosung has outlined several key measures to mitigate risks:
- Update Software: Install the latest patches that include crucial security features.
- Change Default Passwords: Replace weak default passwords with strong, unique combinations.
- Strengthen IT Security: Ensure ATM management systems are secured behind firewalls and employ encryption methods such as Transport Layer Security (TLS).
- Enable Message Authentication: Add layers of protection by enabling message authentication codes (MAC).
Daniels stressed that these steps are essential to safeguarding the integrity of the ATM network. “We’ve been actively communicating with our partners, reinforcing the necessity to implement the steps in security advisories updates and address ATM vulnerabilities since last year,” she said.
Broader Impact on the Financial Sector
The ATM security breaches are part of a broader trend of cyberattacks on payment systems. At the Defcon 2024 security conference, researcher Matt Burch revealed six vulnerabilities in Diebold Nixdorf’s Vynamic Security Suite, a widely used security solution for enterprise ATMs. These flaws could have been exploited to bypass ATM hard drive encryption and take full control of the machines. While patches were released, some ATMs may still be exposed if institutions haven’t fully updated their systems.
Meanwhile, ransomware attacks on institutions like Patelco Credit Union have disrupted financial services, impacting thousands of customers. Similarly, in December 2024, a physical breach of an ATM at Randolph-Brooks Federal Credit Union potentially exposed the personal banking information of over 4,600 customers. Compromised data included names and financial details such as account numbers and credit or debit card numbers. The credit union followed regulatory protocols to notify affected members and informed the Texas Attorney General’s Office.
And it’s not just physical ATMs at risk. In the first half of 2024, individuals lost $65 million to Bitcoin ATM scams, according to a report by the Federal Trade Commission (FTC). Scammers impersonated bank or government officials, convincing victims to withdraw large sums of cash and deposit them into Bitcoin ATMs, transferring the money into the scammers’ crypto wallets via QR codes. The median loss reported by victims was $10,000.
In December 2024, a data breach at Byte Federal, a Bitcoin ATM operator, exposed the personal details of over 58,000 customers. The breach occurred after a vulnerability in the GitLab platform was exploited, granting unauthorised access to user data such as Social Security numbers, email addresses, phone numbers, dates of birth, and government-issued IDs. The company reported no evidence of compromised funds but advised users to reset login credentials and monitor accounts for suspicious activity.
These incidents underscore the growing need for comprehensive security protocols across the financial sector. Hyosung’s call for action aligns with broader industry efforts to fortify payment systems against cyber threats.
