Posted by Robert Vamosi on August 11, 2016
A Russian cybercrime group has breached hundreds of point-of-sale computer systems from Oracle.
On Monday, KrebsOnSecurity reported the data breach. Oracle acknowledged to the site that it had “detected and addressed malicious code in certain legacy MICROS systems.” It also said that it is asking all MICROS customers to reset their passwords for the MICROS online support portal.
Oracle reported in 2014 that MICROS’ systems were deployed at some 200,000+ food and beverage outlets, 100,000+ retail sites, and more than 30,000 hotels.
KrebsOnSecurity cited two unidentified researchers who said Oracle’s MICROS customer support portal was seen communicating with a server known to be used by the Carbanak Gang, which has ties to Russia. A source briefed on the investigation says the breach likely started with a single infected system inside Oracle’s network that was then used to compromise additional systems. Among those was a customer “ticketing portal” that Oracle uses to help MICROS customers remotely troubleshoot problems with their point-of-sale systems, according to Krebs.
A statement being mailed to MICROS customers said “We also recommend that you change the password for any account that was used by a MICROS representative to access your on-premises systems.” This seems to suggest the company is concerned that compromised credentials for customer accounts at the MICROS support portal could be used to remotely administer — and, more importantly, to upload card-stealing malware to — some customer point-of-sale systems, said Krebs.