A reported data breach affecting retailers using Oracle’s Micros point-of-sale systems could be linked to a Russian hacking group that stole up to $1 billion from banks in 2014.
The attack on Oracle’s computer systems and Micros customer portal first came to light on July 25, according to IT security writer Brian Krebs. That’s when a Micros customer contacted the KrebsOnSecurity blog to report “a potentially large breach at Oracle’s retail division.”
We reached out to Oracle for a comment on the report but did not receive a response before press time. However, Krebs reported that the company, which advised customers to change their Micros portal passwords, had “detected and addressed malicious code in certain legacy Micros systems.”
Call for Password Reset
Founded in 1977, Maryland-based Micros Systems specialized in software and hardware for point-of-sale transactions in stores, restaurants, hotels and other businesses. Oracle purchased Micros for $5.3 billion in 2014.
Oracle most recently updated its Micros offerings in March when it launched the Micros Workstation 6 family of point-of-sale hardware, software and other components. At the time of Oracle’s acquisition of the company, Micros reported its equipment and services were used at 330,000 customer sites across 180 countries.
The recent breach of Micros systems is still being investigated by Oracle, according to Krebs. He cited a “source briefed on the investigation” who said the attack appears to have spread from a single infected system, enabling the attackers to infect the support portal and steal the credentials of users who logged into the customer portal.
Krebs added that Oracle was forcing a password reset for its Micros portal customers but noted that any payment card data handled by the systems was “encrypted both at rest and in transit.”
2014 Attack Hit Banks Globally
According to Krebs, two unnamed security experts said the Oracle portal “was seen communicating with a server known to be used by the Carbanak Gang.”
Some 100 banks across numerous countries were targeted by the Carbanak hackers in 2014, with individual targets losing between $2.5 million and $10 million. Countries reporting the heaviest losses included Russia, the U.S., Germany, China and Ukraine, according to the security firm Kaspersky.
In a report on those attacks last year, Kaspersky noted that “the first samples of malware used by Carbanak were created back in August 2013.” The first signs of an infection by the group’s malware appeared in December of that year, and thefts from infected bank accounts began in February of 2014, with attacks peaking in June 2014.
A spokesperson for Kaspersky told us today that the company doesn’t have any further updates to report about Carbanak. Krebs added in his report that “[t]he breach comes at a pivotal time for Oracle, which has been struggling to compete with other software giants like Amazon and Google in cloud-based services.” Oracle last month announced that it plans to acquire cloud services pioneer NetSuite for $9.3 billion.