Oracle resets all user passwords for MICROS support portal

Aug 8, 2016 21:10 GMT

MICROS, Oracle's point-of-sale business, suffered a security breach last month, with staff addressing malicious code found on the MICROS support portal and some legacy MICROS systems, KrebsOnSecurity reports.

The attack came to light after an Oracle insider told Krebs, a security journalist, that the company had detected a breach on a number of computers and servers, which later turned out to be more than 700 systems.

The attackers used their initial foothold to compromise the MICROS network, a system for handling customer payments through the MICROS software deployed on PoS terminals all over the world.

Attackers compromised Oracle MICROS support portal

Additionally, the attackers compromised the MICROS support portal, where the companies that deploy the MICROS software come to ask for help from Oracle's experts.

The hackers inserted malware in the site's source code that allowed them to log user login credentials.

An anonymous inside source told Krebs that the malware communicated with an outside server previously associated with Carbanak, a cyber-gang that stole over $1 billion from banks around the world using social engineering, targeted attacks, and custom malware.

To counteract the gang's actions, Oracle started a password reset for the tech support portal's entire userbase.

Oracle is third-largest provider of PoS software

Oracle declined to provide any information outside of the statement that it "detected and addressed malicious code in certain legacy MICROS systems."

Oracle bought MICROS Systems, Inc. in 2014 for $5.3 billion. Currently, Oracle is the third-largest provider of PoS software on the market. At the time when Oracle bought MICROS, the company's client portfolio included over 330,000 PoS terminals worldwide.

If Carbanak is truly behind the attacks, then Oracle's security team needs to keep an eye on their server for future attacks. Carbanak is not an ordinary hacking crew, and just a few weeks back, Krebs provided some evidence linking the crew's operations with a Russia-based cyber-security firm.