
Big Red alert: Oracle's MICROS payment terminal biz hacked

Shops, hotels worldwide warned after support portal pwned

By Shaun Nichols in San Francisco


Hackers infected hundreds of computers within Oracle, infiltrated the support portal for its MICROS payment terminals division, and potentially accessed sales registers all over the world.

The miscreants installed malware on the troubleshooting portal to capture customers' usernames and passwords as they logged in. These credentials can be used to access the customers' accounts and remotely administer their MICROS point-of-sale (POS) terminals.

The ranks of MICROS customers are said to include a number of major retail chains as well as hotels, with systems installed in more than 330,000 sites in 180 countries. Whoever broke into the database giant's systems potentially had control over all those payment terminals, and clearly hit the jackpot.

In a memo sent this month to MICROS customers, businesses were told to reset their current and former MICROS account passwords – particularly any passwords used by MICROS staff to remotely control any on-site payment terminals.

"Oracle Security has detected and addressed malicious code in certain legacy MICROS systems," reads the letter from Big Red.

According to the warning note, while its MICROS division was ransacked by hackers, Oracle's corporate network and cloud systems were not compromised, and people's payment card details are encrypted in transit and at rest – meaning, hopefully, whoever hacked the corporation didn't get at people's credit and debit card numbers.

Investigative journo Brian Krebs suspects the infiltration affected as many as 700 computers within Oracle and is the work of a Russian malware gang targeting POS systems.

Oracle acquired MICROS, which makes and supports retail and hotel sales terminals, in 2014 in a $5bn acquisition deal. Oracle is still probing the security breach at its payment terminal division.

POS terminals – or, as most of us just call them, "cash registers" – have emerged as the favorite target for many cybercriminal gangs looking for a cheap and easy way to capture huge quantities of payment cards.

By breaching a retailer's internal network and infecting the individual terminals with malware, criminals can collect millions of valid card numbers in a relatively short amount of time. The most notable example of this was the 2013 breach of Target, which resulted in some 40 million customer payment cards being compromised and ended up costing the retailer hundreds of millions of dollars. ®
