Oracle MICROS payment terminal biz hacked. Payments worldwide at risk

The systems of the Oracle MICROS payment terminals division have been infected by a malware, systems worldwide are potentially at risk. The hack that I’m going to tell you could have a serious and a huge impact, the systems of the Oracle MICROS payment terminals division have been infected.

MICROS is among the top three point-of-sale vendors worldwide, Oracle acquired MICROS in 2014 for around $5 billion.

What does it mean?

The Oracle MICROS payment terminals division is responsible for sales registers all over the world, so users that make payments at hotels and shops worldwide are potentially at risk.

Oracle MICROS payment terminals are installed in the most important retail chains worldwide as well as stores and hotels worldwide, more than 330,000 locations in 180 countries.

Among the most popular retail, foodservice, and hospitality firm using Oracle MICROS payment terminals there were Carnival, Hilton, Hyatt, IKEA, Marriott, Starbucks, and BJ’s.

The attackers infected the troubleshooting portal of the Oracle MICROS payment terminals to steal customers’ login credentials, then use the usernames and passwords to access their accounts and gain control over their MICROS point-of-sales (POS) terminals.

It is a big deal for the crooks.

According to the Consumerist.com, the company sent a memo to its customers urging the password reset for current and former MICROS accounts. The passwords of the accounts used by MICROS staff to remotely control payment terminals worldwide have to be reset.

“Oracle Security has detected and addressed malicious code in certain legacy MICROS systems,” reads a letter sent by the company to customers of its MICROS point-of-sale system.

Oracle internal network and cloud systems were not compromised by hackers, the company also clarified that payment card details are stored encrypted in transit and at rest.

The popular investigator Brian Krebs was the first to report the security breach, the experts speculated the involvement of a Russian criminal organization specialized in PoS attacks.

“A Russian organized cybercrime group known for hacking into banks and retailers appears to have breached hundreds of computer systems at software giant Oracle Corp., KrebsOnSecurity has learned. More alarmingly, the attackers have compromised a customer support portal for companies using Oracle’s MICROS point-of-sale credit card payment systems.” wrote Krebs.

Oracle is currently investigating the incident, it is not clear how attackers accessed the company systems. Krebs cited sources close to the investigation that say Oracle first considered the breach to be limited to a small number of systems at the retail division. That source also added that unfortunately, the intrusion may have impacted more than 700 infected systems.

PoS terminals are a privileged target of cyber criminals, the number of PoS malware detected in the wild is increasing such as their level of sophistication.

Stay Tuned.

 

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – PoS malware, Oracle MICROS payment)

[adrotate banner=”5″]

[adrotate banner=”13″]