According to KrebsOnSecurity the attackers have compromised a customer support portal for companies using Oracle’s MICROS point-of-sale credit card payment systems.
Oracle acknowledged that it had “detected and addressed malicious code in certain legacy MICROS systems.” It also said that it is asking all MICROS customers to reset their passwords for the MICROS online support portal.
MICROS is among the top three point-of-sale vendors globally. Oracle’s MICROS division sells point-of-sale systems used at more than 330,000 cash registers worldwide. When Oracle bought MICROS in 2014, the company said MICROS’s systems were deployed at some 200,000+ food and beverage outlets, 100,000+ retail sites, and more than 30,000 hotels.
The size and scope of the break-in is still being investigated, and it remains unclear when the attackers first gained access to Oracle’s systems. Oracle first considered the breach to be limited to a small number of computers and servers at the company’s retail division. However it started to look a lot worse as the investigation developed.
KrebsOnSecurity said an Oracle MICROS customer reported hearing about a potentially large breach at Oracle’s retail division.
Oracle’s MICROS customer support portal apparently had a chat to a server used by the Carbanak Gang. Carbanak is part of a Russian cybercrime syndicate that is suspected of stealing more than $1 billion from banks, retailers and hospitality firms over the past several years.