Russian Gang Suspected of Hacking Oracle's POS System


Oracle has been investigating a point-of-sale system breach that may be the work of Russian cyberthieves.

Hackers compromised at least 700 computers on the MICROS POS system, used by hundreds of thousands of hotels, restaurants and retail outlets worldwide to process credit card transactions, Krebs on Security reported earlier this month.

More than 330,000 cash registers worldwide use MICROS, which ranks as one of the world's three largest POS systems.

Oracle has alerted its customers about the intrusion, a spokesperson confirmed, but the company declined to release any further details.

"We are aware of the reported breach of Oracle's legacy MICROS systems," Marriott Hotels said in a statement provided to the E-Commerce Times by spokesperson Jeff Flaherty. "We are working closely with Oracle to better understand the situation and whether or not there may be any impact to our guests."

Oracle told customers that it had addressed the malicious code found in the MICROS system, according to the Krebs report. The company forced a password reset on all support accounts.

There recently has been an increase in incidents linked to retail and hospitality, noted Kevin O'Brien, president of GreatHorn.

Although he did not have any direct insight, he suspected that certain breaches might have been linked to the MICROS hack.

"We do have clients that are in related spaces and verticals that have reached out to us over the past few days," O'Brien told E-Commerce Times.

Those incidents were related to credit card information and credentials, he said, declining to be more specific.

The Oracle breach may have been connected to Russian cyberthieves known as the "Carbanak gang," according to the Krebs report, which cites two security experts who were briefed on the investigation but asked not to be identified.

The Carbanak gang has been linked to previous hacks targeting financial institutions, which used malware hidden in spearphishing emails to access bank accounts. Some attacks targeted ATMs. Estimates of the gang's take from its activities range up to US$1 billion.

Malware from the MalumPOS family also targeted systems running the Oracle POS platform, TrendLabs reported earlier this year.

MalumPOS is written in the Delphi language and can scrape memory contents of targeted processes, the firm noted.

Although Oracle's MICROS system is prevalent in the hospitality industry, it also is used by a wide variety of retail companies, according to Paula Rosenblum, managing partner at RSR Research.

"Of course it's an important system, but we have no idea what -- if any -- data was stolen," she told the E-Commerce Times. "I would suspect if there was a significant theft anywhere, we would have heard about it."

Eighteen major chains, as well as many smaller independent properties, use the MICROS POS system to process transactions at hotels and hotel restaurants, observed Henry Harteveldt, travel industry analyst at Atmosphere Research.

"Basically it is the cash register for the entire hotel," he told the E-Commerce Times, explaining that the system is used for room allocations, and when reservations are made through the local properties as opposed to national reservations lines. MICROS also processes transactions at gift shops, room service, and tennis and golf shops, along with other concessions at hotel properties.

Oracle acquired MICROS Systems in 2014 in a deal valued at $5.3 billion.

David Jones is a freelance writer based in Essex County, New Jersey. He has written for Reuters, Bloomberg, Crain's New York Business and The New York Times.
