Cybercrime

Russian Gang Suspected of Hacking Oracle’s POS System

Oracle has been investigating a point-of-sale system breach that may be the work of Russian cyberthieves.

Hackers compromised at least 700 computers on the MICROS POS system, used by hundreds of thousands of hotels, restaurants and retail outlets worldwide to process credit card transactions, Krebs on Security reported earlier this month.

More than 330,000 cash registers worldwide use MICROS, which ranks as one the world’s three largest POS systems.

Oracle has alerted its customers about the intrusion, a spokesperson confirmed, but the company declined to release any further details.

“We are aware of the reported breach of Oracle’s legacy MICROS systems,” Marriott Hotels said in a statement provided to the E-Commerce Times by spokesperson Jeff Flaherty. “We are working closely with Oracle to better understand the situation and whether or not there may be any impact to our guests.”

Malicious Code

Oracle told customers that it had addressed the malicious code found in the MICROS system, according to the Krebs report. The company forced a password reset on all support accounts.

There recently has been an increase in incidents linked to retail and hospitality, noted Kevin O’Brien, president of GreatHorn.

Although he did not have any direct insight, he suspected that certain breaches might have been linked to the MICROS hack.

“We do have clients that are in related spaces and verticals that have reached out to us over the past few days,” O’Brien told E-Commerce Times.

Those incidents were related to credit card information and credentials, he said, declining to be more specific.

The Oracle breach may have been connected to Russian cyberthieves known as the “Carbanak gang,” according to the Krebs report, which cites two security experts who were briefed on the investigation but asked not to be identified.

The Carbanak gang has been linked to previous hacks targeting financial institutions, which used malware hidden in spearphishing emails to access bank accounts. Some attacks targeted ATMs. Estimates of the gang’s take from its activities range to US$1 billion.

Malware from the MalumPOS family also targeted systems running the Oracle POS platform, TrendLabs reported earlier this year.

MalumPOS is written in the Delphi language and can scrape memory contents of targeted processes, the firm noted.

Retail and Hospitality

Although Oracle’s MICROS system is prevalent in the hospitality industry, it also is used by a wide variety of retail companies, according to Paula Rosenblum, managing partner at RSR Research.

“Of course it’s an important system, but we have no idea what — if any — data was stolen,” she told the E-Commerce Times. “I would suspect if there was a significant theft anywhere, we would have heard about it.”

Eighteen major chains, as well as many smaller independent properties, use the MICROS POS system to process transactions at hotels and hotel restaurants, observed Henry Harteveldt, travel industry analyst at Atmosphere Research.

“Basically it is the cash register for the entire hotel,” he told the E-Commerce Times, explaining that the system is used for room allocations, and when reservations are made through the local properties as opposed to national reservations lines. MICROS also processes transactions at gift shops, room service, and tennis and golf shops, along with other concessions at hotel properties.

Oracle acquired MICROS Systems in 2014 in a deal valued at $5.3 billion.

David Jones is a freelance writer based in Essex County, New Jersey. He has written for Reuters, Bloomberg, Crain's New York Business and The New York Times.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
More by David Jones
More in Cybercrime

E-Commerce Times Channels