Oracle data breach: Russian cybercrime syndicate suspected in malware attack targeting over 300,000 systems

Oracle's Micros point-of-sale credit card payment systems have been hit by hackers. Hundreds of computer systems are believed to have been infected with malware, potentially leaving over 300,000 credit card reading machines, used across the globe, vulnerable to attacks. Oracle has confirmed that it is investigating the breach. Micros is credited with being one of the top three global vendors of point-of-sale systems, which are used by cash registers around the world.

According to Brian Krebs, who first reported about the cyberattack, the hackers have also compromised a customer support portal meant for firms using Micros systems. The data breach is believed to be the work of a Russia-based cybercrime syndicate called Carbanak Gang. The hacker group's criminal activities are suspected to have netted them over $1bn, stolen from banks, retailers and others over the past several years.

Although Oracle is yet to detail the specifics of the breach, the firm maintains that its corporate network, systems, cloud and other services have not been impacted by the breach. However, the firm said that it has requested Micros customers to reset their passwords. "We also recommend that you change the password for any account that was used by a Micros representative to access your on-premises systems," Oracle said.

"This [incident] could explain a lot about the source of some of these retail and merchant point-of-sale hacks that nobody has been able to definitively tie to any one point-of-sale services provider," said Gartner Inc. Fraud analyst Avivah Litan. "I'd say there's a big chance that the hackers in this case found a way to get remote access." This means that hackers could potentially, remotely control and operate Micros customers' on-site point-of-sale devices.

Malware attack

According to an unnamed source, the malware attack likely originated from a single infected system within Oracle's networks, which was then used to compromise other machines. Micros support portal was allegedly infected with malware, which allowed the hackers to gain access to customers' usernames and passwords when they logged in to the site.

Oracle, however, stressed that "payment card data is encrypted both at rest and in transit in the Micros hosted customer environments".

Point-of-sale malware attacks are believed to be the driving force behind most recent credit card-related breaches, including similar cyberattacks sustained by Hilton hotels, Target and Home Depot. According to Krebs, in such attacks, hackers infect devices with malware via remote admin tools. The malware then allows the hackers to remotely grab data, every time that a card is swiped at the compromised cash register.

According to Krebs, it is still uncertain as to how hackers managed to first gain access to Oracle's systems. The company is believed to be investigating the extent of the damage caused by the breach.