A security breach at software giant Oracle has affected more than 700 internal systems in an attack believed to have been perpetrated by cyber criminals operating out of Russian Federation.
Advertisement
An anonymous inside source told Krebs that the malware communicated with an outside server previously associated with Carbanak, a cyber-gang that has stolen over $1 billion from banks around the world using social engineering, targeted attacks, and custom malware.
None of that has been confirmed yet, but Krebs said that Oracle didn’t comment on the rumors directly, and we found the same when we got in touch with the company. Only later did they realise that the breach affected over 700 computers at Oracle’s retail division.
It’s not clear how widespread the hack is and how the attackers gained access to Oracle systems, Krebs reported. The letter said payment card data is encrypted “both at rest and in transit” in the Micros system.
Krebs claims that he only started investigating the incident two weeks ago, after being contacted by an Oracle MICROS customer who had heard about a “potentially large breach” within Oracle’s retail division. Micros is among the top three vendors in the POS space and the full extent of the damage, if any, is yet uncertain.
In a statement that Oracle is apparently in the process of sending to MICROS customers, Oracle said it was forcing a password reset for all support accounts on the MICROS portal.
This breach could be little more than a nasty malware outbreak at Oracle.
Oracle bought the point-of-sale terminal maker in 2014.
Advertisement
In addition, Oracle also asserted that its other corporate networks, cloud services, and systems were not affected by the data breach. Many have had their systems infiltrated, often by attacks on system administration accounts and passwords used for remote access. If the hackers intercepted point-of-sale information, they would gain access to customer names and card numbers but presumably not any other information, although that can’t be positively determined until more is known about the breach. This data could then be used by the attackers to spend the victim’s money.
