MICROS, an Oracle-owned division that’s one of the world’s top three point-of-sale services, has suffered a security breach. The attack possibly comes at the hands of a Russian crime gang that siphoned out more than $1 billion from banks and retailers in past hacks, security news site KrebsOnSecurity reported Monday.
Oracle representatives have told reporter Brian Krebs that company engineers “detected and addressed malicious code in certain legacy MICROS systems” and that the service has asked all customers to reset their passwords for the MICROS online support site. Anonymous people have told Krebs that Oracle engineers initially thought the breach was limited to a small number of computers in the company’s retail division. The engineers later realized the infection affected more than 700 systems.
Krebs went on to report that two security experts briefed on the breach investigation said the MICROS support portal was seen communicating with a server that’s known to be used by the Carbanak Gang. Over the past few years, Carbanak members are suspected of funneling more than $1 billion out of banks, retailers, and hospitality firms the group hacked into.
According to Krebs’ sources, the attack started with a single infected system that was then used to compromise others. From there, “intruders placed malicious code on the MICROS support portal, and that malware allowed the attackers to steal MICROS customer usernames and passwords when customers logged in to the support website.”
Oracle declined to answer Krebs’ direct questions about the breach and merely told the reporter the corporate network and cloud/other service offerings remained OK. The company also stated that its customer payment card data is “encrypted both at rest and in transit in the MICROS hosted customer environments.” Krebs reports a mandatory password reset is happening for support accounts on the MICROS portal and an e-mail to customers is in progress.
According to Krebs’ analysis of the situation, the Carbanak Gang likely chose its target within Oracle quite carefully.
This breach could …