Russian hackers had access to Oracle’s Micros POS system

Oracle has confirmed to security researcher Brian Krebs that it has detected malicious code in certain Micros POS systems. The researcher assumes that this is the work of the Russian Carbanak group, which specializes in banks.

Krebs writes that he has been investigating the incident since late June, when he received a tip from a reader. According to its sources, the Russian group initially managed to gain access to a single Oracle system, after which it was able to infect other systems with malware as well. Among these systems was the Micros POS system support portal. According to the researcher, this is used at more than 330,000 cash registers worldwide. The scope of the hack is not yet clear, as it currently concerns more than 700 infected systems.

The support portal allows Micros customers to troubleshoot remotely. The malware allowed the hackers to steal login credentials. Oracle has therefore asked its customers to reset passwords. Krebs estimates that the login details enable the criminals to place malware on cash registers, with which payment details can be stolen. He found out about the Carbanak group after one of his sources told me that the support portal was connected to a server often used by the group.

In a letter to customers, Oracle said that the internal company network and other services were not affected by the hack. Oracle acquired Micros Systems in 2014 for $5.3 billion.