Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?



MICROS Hackers Targeted Five Other PoS Vendors

The cybercrime gang that breached the systems of Oracle-owned point-of-sale vendor MICROS has reportedly also targeted several other similar companies.

The cybercrime gang that breached the systems of Oracle-owned point-of-sale vendor MICROS has reportedly also targeted several other similar companies.

Oracle admitted last week that it had detected malicious code on certain legacy MICROS systems and advised customers to change their passwords for support accounts and accounts used by MICROS representatives to remotely access their on-premise systems.

Oracle has assured customers that other services are not impacted and that payment card data is encrypted in customer environments hosted by MICROS.

Experts involved in the investigation told security blogger Brian Krebs that the breached support portal communicated with a server associated with Carbanak, the threat actor believed to have stolen as much as one billion dollars between 2013 and 2015 from more than 100 banks worldwide. A security alert issued by Visa following the MICROS breach includes indicators of compromise (IoC), which also show a link to Carbanak.

It appears that Oracle’s MICROS was not the only PoS vendor targeted by the group. Cybercrime monitoring company Hold Security told Forbes that the same hackers also claimed to have penetrated the systems of five other PoS system vendors, including ECRS, Cin7, PAR Technology, Navy Zebra and Uniwell.

ECRS confirmed to Forbes that malicious code had been found on one of its web portals, but claimed that the attackers might have stolen only employee, vendor and customer contact information – payment card processing systems were allegedly not impacted.

Navy Zebra is still investigating the possible breach, but its website is offline at the time of writing for scheduled maintenance and upgrades. Cin7, PAR Technology and Uniwell have confirmed finding hacked servers, but they claim no sensitive information has been compromised.

Advertisement. Scroll to continue reading.

“These security breaches are yet another reminder of the vulnerabilities associated with point-of-sale (POS) systems. Businesses need to regularly update POS systems for legitimate business reasons. But the same access tools that facilitate this update process are the weak points that criminals exploit,” George Rice, senior director at HPE Security-Data Security, told SecurityWeek.

“Once they gain access, thieves may exfiltrate sensitive cardholder data by embedding data-stealing malware into the merchant POS. More often than not, malware will reside in insecure systems for months before being detected, which can expose large quantities of sensitive data records to data thieves,” Rice added.

“To combat these vulnerabilities, businesses must remove all unprotected sensitive data from insecure systems like a merchant POS. Format-preserving security approaches have proven to be the best way to do this while avoiding disruption to business operations,” the expert said. “With format-preservation data security tools, businesses may encrypt and tokenize sensitive data values so that the protected value has the same formats as the original. Then insecure systems like POS, store servers and payment switches can properly perform the payment authorization process using protected data that it useless to criminal malware.”

Related Reading: PoS Trojan Bypasses Account Control Posing as Microsoft App

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...