Russian hackers 'behind Oracle Point-of-Sale hack'

Thousands of shops and hotels potentially at risk

Russian cybercriminals are thought to be behind malware attacking hundreds of Oracle's computer systems and Oracle-owned Micros's Point-of-Sale customer support portal.

The hack on Oracle's Micros systems was instigated by Russian hacking group Carbanak, which specialises in targeting banks, according to a report by security researcher and journalist Brian Krebs.

In a letter to Micros customers shared with IT Pro, Oracle acknowledged that it had "detected and addressed malicious code in certain legacy Micros systems".

Oracle is now forcing a password reset for Micros customers on the support website. It also said that its corporate network, as well as its other cloud and service offerings, were not affected.

"A source briefed on the investigation says the breach likely started with a single infected system inside Oracle's network that was then used to compromise additional systems," said Krebs. "Among those was a customer ticketing portal that Oracle uses to help Micros customers remotely troubleshoot problems with their point-of-sale systems.

"Those sources further stated that the intruders placed malicious code on the Micros support portal, and that the malware allowed the attackers to steal Micros customer usernames and passwords when customers logged on the support website."

Oracle maintained that "payment card data is encrypted both at rest and in transit in the Micros hosted environment". But Krebs said the risk is that hackers could use the stolen passwords to upload malware directly to shops' PoS terminals.

The break-in is still being investigated, he added, with Oracle unsure when the hackers first accessed its systems.

Oracle initially thought the hack was limited to a few systems, before installing new security tools that discovered more than 700 infected systems within Oracle.

Krebs said he had only started investigating the incident a couple of weeks ago, after being contacted by a customer of Oracle Micros who had heard of a large breach within Oracle's retail division.

Further investigation led him to believe that Russian hacking group Carbanak was behind the malware, as it was communicating with a server known to be used by the gang.

Oracle acquired Micros in 2014 for $5.3 billion, and its technology is used in more than 330,000 customer sites globally.
