Thursday
1000 PST: All updates deployed, all CSG systems operating as expected. Incident Resolved.
Wednesday
1930 PST: We continue to deploy software updates to restore EJ and Terminal Status services with approximately 50% deployed. Next update by 0800 PST tomorrow.
1200 PST: We continue to deploy software updates to restore EJ and Terminal Status services with approximately 15% completed without issue. Next update by 1700 PST.
0730 PST: SAN-SCM and SAN-FDE deployment complete, SAN services are operating as expected. We are continuing the software deployment to restore EJ services and expect restoration of services for all customers to take approximately 24-48 hours. Next update by 1200 PST.
0430 PST: All conveyance services restored. Some users may have missed an X9 transmission if scheduled around 1730 PST, please contact support for a retransmission. SAN-SCM and SAN-FDE users deployment underway. EJ services will be degraded for remaining users until all updates completed. Next update by 0800 PST.
0100 PST: Update testing successful, limited deployment to Conveyance users started. Next update by 0700 PST.
0030 PST: Software update currently in testing. Next update by 0700 PST.
Tuesday
2100 PST: We have resolved the issues with Cook Command Center, all CC related services including support tickets are back online. Conveyance check deposits are currently not operational but we expect to have this resolved tonight with a software update. SAN-SCM, SAN-FDE and Electronic Journals are also currently offline and we expect to start resolving this issue early tomorrow morning, also with a software update. Additional updates to follow as they are available. Next update by 0700 PST.
2000 PST: We are aware of a system interruption currently affecting all CSG services. Our team has identified the issue and are working on a resolution. Next Update by 2100 PST.
Tuesday
0800 PST: All messages have been processed, systems operating as expected. Incident Resolved.
Monday
1700 PST: Communication to the primary receiver continues to operate as expected. We are seeing some delayed notifications for signals that were received during the interruption, which will continue until all queued messages are processed.
0830 PST: We are aware of a brief interruption in communication to the Primary Receiver for our COPS alarm monitoring service that may have triggered a "Network Trouble" or "Comm Path Trbl" error on your alarm keypad. Communication to the backup receiver was working as expected and all alarm signals were still being received via this path as expected. The primary receiver communication has restored, which should clear the alert on your keypad, and we are investigating the cause. We will continue to monitor communication closely for the remainder of the day. Next update by 1700 PST.
1500 PST: Outboud email queue has been cleared, email is back to normal operation. Incident resolved.
1400 PST: A fix has been deployed and we are seeing the outbound email queue decrease as messages are sent. Next update by 1500 PST.
1200 PST: We have identified the issue and are working with our service provider on a resolution. Next update by 1400 PST.
1100 PST: We are aware of an issue currently affecting our outbound email communications. We continue to receive inbound messages but some of our outbound emails are not being sent. Our team is working diligently to resolve the issue and we will continue to post updates until resolved. All other CSG systems are operating as expected. Next update by 1200 PST.
We have received multiple reports of an increase in a new jackpotting attack targeting ATMs across the UnitedStates called Direct Memory Access (DMA). All ATM manufacturers are susceptible to this type of attack which bypasses traditional security controls. The methodology is very similar to Hard Drive Attacks but targets the systems memory instead of the hard drive.
We recommend the following actions are taken immediately:
Verify top hat of ATM is alarmed and create a response plan for active alarms to include historical footage review.
Confirm BIOS and firmware are up to date with the latest security releases.
Verify HDE encryption is enabled on all ATMs.
Inspect for tampering daily.
Increase monitoring through Command Center or other remote management tools.
Report any suspicious activity to the NOC immediately.
These attacks are highly coordinated and often occur after hours. Quickreporting and verification of system integrity are critical in preventinglosses.
For a deeper look at current jackpotting trends and prevention strategies, download our Comprehensive Jackpotting Prevention Guide Developed in collaboration with the U.S.Secret Service, this whitepaper outlines the latest attack methods, detection techniques, and the 12 layers of defense Cook Solutions Group recommends to safeguard your ATMs. It’s an essential resource for fraud and security teams working to stay ahead of coordinated threats.