Cyber hackers breach Oracle’s MICROS payments division

MICROS Systems, an Oracle-owned division that’s one of the world’s top three point-of-sale (POS) services, has been hacked by a Russian organized cybercrime group known for hacking into banks and retailers, reports KrebsOnSecurity, a security news site. “Sources close to the investigation” tell Brian Krebs that the hack reached as many as 700 other computers.

Confirming the breach to Krebs, Oracle said that it had “detected and addressed malicious code in certain legacy MICROS systems,” and is advising its customers to reset their usernames and passwords for the MICROS online support portal. The MICROS systems are credit card processing terminals used by banks, hotels, restaurants, and hundreds of thousands of other businesses.

The breach is rumoured to have been carried out by the same hacking group that stole $1 billion from banks and retailers in 2015.

While there is no indication of what the hackers’ goal was in the attack, there is some sign it may have been robbery. According to Krebs’s source, the MICROS customer service portals were seen communicating with a server owned by the Carbanak Gang, a Russian cybercrime group that digitally stole $1 billion from U.S. and Middle Eastern banks.

It is not known when attackers first gained access to Oracle’s systems. However, KrebsOnSecurity first began investigating this incident on July 25, 2016, after receiving an email from an Oracle MICROS customer and reader who reported hearing about a possibly large breach at Oracle’s retail division.

“I do not know to what extent other than they discovered it last week,” said the reader, who agreed to be quoted here in exchange for anonymity. “Out of abundance of caution they informed us and seem to have indicated the incident was isolated to Oracle staff members and not customers like us. In addition, this notice was to serve to customers the reason for any delays in customer support and service as they were refreshing/re-imaging employees’ computers.”

According to Krebs’ sources, the attack started with a single infected system that was then used to compromise others. From there, “intruders placed malicious code on the MICROS support portal, and that malware allowed the attackers to steal MICROS customer usernames and passwords when customers logged in to the support website.” Worst-case scenarios would involve malware being uploaded to customers’ POS terminals, which could be used to skim the card details of millions of customers. Currently, MICROS devices are deployed at over 330,000 sites across 180 countries.

The point-of-sale systems operated by dozens of retailers, hotels, and other types of merchants have been hit by a spate of breaches over the past few years. Two well-known names to be hit are Target and Home Depot. Malware installed on cash registers is used by attackers to remotely capture payment card data when customers make purchases; that data can later be used or sold to the highest bidder.