Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

MICROS Hackers Targeted Five Other PoS Vendors

The cybercrime gang that breached the systems of Oracle-owned point-of-sale vendor MICROS has reportedly also targeted several other similar companies.

The cybercrime gang that breached the systems of Oracle-owned point-of-sale vendor MICROS has reportedly also targeted several other similar companies.

Oracle admitted last week that it had detected malicious code on certain legacy MICROS systems and advised customers to change their passwords for support accounts and accounts used by MICROS representatives to remotely access their on-premise systems.

Oracle has assured customers that other services are not impacted and that payment card data is encrypted in customer environments hosted by MICROS.

Experts involved in the investigation told security blogger Brian Krebs that the breached support portal communicated with a server associated with Carbanak, the threat actor believed to have stolen as much as one billion dollars between 2013 and 2015 from more than 100 banks worldwide. A security alert issued by Visa following the MICROS breach includes indicators of compromise (IoC), which also show a link to Carbanak.

It appears that Oracle’s MICROS was not the only PoS vendor targeted by the group. Cybercrime monitoring company Hold Security told Forbes that the same hackers also claimed to have penetrated the systems of five other PoS system vendors, including ECRS, Cin7, PAR Technology, Navy Zebra and Uniwell.

ECRS confirmed to Forbes that malicious code had been found on one of its web portals, but claimed that the attackers might have stolen only employee, vendor and customer contact information – payment card processing systems were allegedly not impacted.

Navy Zebra is still investigating the possible breach, but its website is offline at the time of writing for scheduled maintenance and upgrades. Cin7, PAR Technology and Uniwell have confirmed finding hacked servers, but they claim no sensitive information has been compromised.

“These security breaches are yet another reminder of the vulnerabilities associated with point-of-sale (POS) systems. Businesses need to regularly update POS systems for legitimate business reasons. But the same access tools that facilitate this update process are the weak points that criminals exploit,” George Rice, senior director at HPE Security-Data Security, told SecurityWeek.

Advertisement. Scroll to continue reading.

“Once they gain access, thieves may exfiltrate sensitive cardholder data by embedding data-stealing malware into the merchant POS. More often than not, malware will reside in insecure systems for months before being detected, which can expose large quantities of sensitive data records to data thieves,” Rice added.

“To combat these vulnerabilities, businesses must remove all unprotected sensitive data from insecure systems like a merchant POS. Format-preserving security approaches have proven to be the best way to do this while avoiding disruption to business operations,” the expert said. “With format-preservation data security tools, businesses may encrypt and tokenize sensitive data values so that the protected value has the same formats as the original. Then insecure systems like POS, store servers and payment switches can properly perform the payment authorization process using protected data that it useless to criminal malware.”

Related Reading: PoS Trojan Bypasses Account Control Posing as Microsoft App

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.