Russian Gang Suspected of Hacking Oracle's POS System


Oracle has been investigating a point-of-sale system breach that may be the work of Russian cyberthieves.

Hackers compromised at least 700 computers on the MICROS POS system, used by hundreds of thousands of hotels, restaurants and retail outlets worldwide to process credit card transactions, Krebs on Security reported earlier this month.

More than 330,000 cash registers worldwide use MICROS, which ranks as one the world's three largest POS systems.

Oracle has alerted its customers about the intrusion, a spokesperson confirmed, but the company declined to release any further details.

"We are aware of the reported breach of Oracle's legacy MICROS systems," Marriott Hotels said in a statement provided to the E-Commerce Times by spokesperson Jeff Flaherty. "We are working closely with Oracle to better understand the situation and whether or not there may be any impact to our guests."

Oracle told customers that it had addressed the malicious code found in the MICROS system, according to the Krebs report. The company forced a password reset on all support accounts.

There recently has been an increase in incidents linked to retail and hospitality, noted Kevin O'Brien, president of GreatHorn.

Although he did not have any direct insight, he suspected that certain breaches might have been linked to the MICROS hack.

"We do have clients that are in related spaces and verticals that have reached out to us over the past few days," O'Brien told E-Commerce Times.

Those incidents were related to credit card information and credentials, he said, declining to be more specific.

The Oracle breach may have been connected to Russian cyberthieves known as the "Carbanak gang," according to the Krebs report, which cites two security experts who were briefed on the investigation but asked not to be identified.

The Carbanak gang has been linked to previous hacks targeting financial institutions, which used malware hidden in spearphishing emails to access bank accounts. Some attacks targeted ATMs. Estimates of the gang's take from its activities range to US$1 billion.

Malware from the MalumPOS family also targeted systems running the Oracle POS platform, TrendLabs reported earlier this year.

MalumPOS is written in the Delphi language and can scrape memory contents of targeted processes, the firm noted.

Although Oracle's MICROS system is prevalent in the hospitality industry, it also is used by a wide variety of retail companies, according to Paula Rosenblum, managing partner at RSR Research.

"Of course it's an important system, but we have no idea what -- if any -- data was stolen," she told the E-Commerce Times. "I would suspect if there was a significant theft anywhere, we would have heard about it."

Eighteen major chains, as well as many smaller independent properties, use the MICROS POS system to process transactions at hotels and hotel restaurants, observed Henry Harteveldt, travel industry analyst at Atmosphere Research.

"Basically it is the cash register for the entire hotel," he told the E-Commerce Times, explaining that the system is used for room allocations, and when reservations are made through the local properties as opposed to national reservations lines. MICROS also processes transactions at gift shops, room service, and tennis and golf shops, along with other concessions at hotel properties.

Oracle acquired MICROS Systems in 2014 in a deal valued at $5.3 billion.

David Jones is a freelance writer based in Essex County, New Jersey. He has written for Reuters, Bloomberg, Crain's New York Business and The New York Times.

0 Comment

Leave a Reply

Captcha image


  • 5300c769af79e

    iPhone 7 Photos Leak, Indicating Camera Improvements

    Attend this video panel and you will hear industry experts engage in a lively conversation on the Leaked photos purportedly show the rear casing for Apple's upcoming iPhone 7, which features a much larger opening for the camera on June 25 appear to show the casing on the iPhone 7 with a much larger camera sensor opening than the previous iPhone, as well as a possible dual-camera configuration for the larger iPhone 7 Plus.
  • 5300c769af79e

    The Problem with Privileged Users: What You Don't Know Can Hurt You

    Download A data breach is an organization's worst nightmare, especially in highly regulated industries like healthcare or education.What most organizations don't realize is that the most common sources for security incidents are right in front of them: privileged users.
  • 5300c769af79e

    Apple Kills Flash On Safari 10, Will Focus On HTML 5

    Instead, Apple will focus on HTML5.Through a June 14 blog post by Apple engineer Ricky Mondello, Apple announced that it would be deactivating Adobe Flash by default on Safari 10, the version of the web browser shipping with macOS Sierra in the fall.
  • 5300c769af79e

    Chat App Line Adds Disappearing Posts

    Messaging app Line is taking another page from Snapchat's book by adding disappearing posts.Users can tap the clock icon in the upper-right corner to create a 24-hour post, which is "perfect for expressing how you're feeling right in the moment," Line said in a blog post.