The systems of the Oracle MICROS payment terminals division have been infected with malware, and MICROS systems worldwide are potentially at risk. The attackers infected the troubleshooting portal of Oracle MICROS to steal customers' login credentials, then used those usernames and passwords to access customer accounts and gain control over their MICROS point-of-sale (POS) terminals. IT security experts from ESET, Lieberman Software and Imperva commented below.
Mark James, Security Specialist at ESET:
"As this malware would be very stealthy, it may have been there for some time secretly harvesting information without notice. Because of the way malware infiltrates and propagates through systems, it's often chance that honey pots like this end up being captured and used for foul means, but when they hit the jackpot the rewards can be massive."
Jonathan Sander, VP of Product Strategy at Lieberman Software:
Itsik Mantin, Director of Security Research at Imperva:
"This security incident against Oracle POS systems shows once again that no system is immune to security breaches. Like in other breaches, there are many unknowns, including 1) the length of time the malware was in the Oracle systems before discovery by the new security tools, 2) which data was stolen and 3) what the attackers have done with the stolen data.
It's entirely possible that the data stolen in this breach, including user credentials, has been used to extend the hack into commercial web applications such as shops, hotels, and retail outlets.
This incident is yet again a lesson for any organization that has sensitive information: while attempting to avoid infection and penetration, you must have other plans in place to detect and contain an infection or a breach once it happens. It's not enough to rely on password policies, which are of no use when the credentials are stolen, to prevent attacks. Those in charge of web applications should be mindful to take specific detection measures to validate the authenticity of logins to the system: treating with caution logins from unexpected countries or anonymous networks, or logins from a web bot, and rate limiting login attempts, in particular those using credentials known to be stolen."
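The detection measures Mantin lists (flagging logins from unexpected countries, anonymous networks or bot user agents, rate limiting attempts per account, and treating credentials already known to be stolen as high risk) can be combined into a single login-risk check on the application side. The following is an added example written for this article, not code from Oracle, Imperva or any of the quoted vendors. All reference data is constructed: the per-user expected countries, the "anonymous network" range, the bot user-agent markers, the leaked-credential hash set and the sample login events are hypothetical values. Comparing a SHA-256 of `user:password` against a breach set is a deliberate simplification standing in for a real breached-credential lookup.

```python
"""Login-risk scoring over a stream of login events (added example, constructed data)."""
import hashlib
import ipaddress
from collections import defaultdict, deque

# --- Constructed reference data (hypothetical; replace with real feeds in a deployment) ---
EXPECTED_COUNTRIES = {"alice": {"US"}, "bob": {"GB", "DE"}}          # where each account usually logs in from
ANONYMOUS_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]        # e.g. Tor exit / open-proxy ranges
BOT_UA_MARKERS = ("python-requests", "curl/", "bot")                   # crude web-bot fingerprint
RATE_LIMIT = 5                                                         # attempts per account per window
WINDOW_SECONDS = 60


def credential_hash(user: str, password: str) -> str:
    """Stand-in for a breached-credential lookup key (simplified; constructed)."""
    return hashlib.sha256(f"{user}:{password}".encode()).hexdigest()


# One credential pair "known to be stolen" (constructed value).
STOLEN_CREDENTIAL_HASHES = {credential_hash("alice", "Winter2016!")}


class LoginRiskMonitor:
    """Scores each login attempt and keeps a sliding window of attempts per account."""

    def __init__(self):
        self.attempts = defaultdict(deque)  # user -> timestamps within the current window

    def assess(self, event: dict):
        user, now = event["user"], event["ts"]
        flags = []

        # Rate limiting: count attempts for this account inside the sliding window.
        window = self.attempts[user]
        while window and now - window[0] > WINDOW_SECONDS:
            window.popleft()
        window.append(now)
        if len(window) > RATE_LIMIT:
            flags.append("rate_limited")

        # Geographic plausibility against the account's usual countries.
        if event["country"] not in EXPECTED_COUNTRIES.get(user, set()):
            flags.append("unexpected_country")

        # Source address inside a known anonymising network.
        ip = ipaddress.ip_address(event["ip"])
        if any(ip in net for net in ANONYMOUS_NETWORKS):
            flags.append("anonymous_network")

        # Automated client rather than a browser.
        ua = event.get("user_agent", "").lower()
        if any(marker in ua for marker in BOT_UA_MARKERS):
            flags.append("bot_user_agent")

        # Credentials already circulating from a breach deserve the harshest treatment.
        if credential_hash(user, event["password"]) in STOLEN_CREDENTIAL_HASHES:
            flags.append("known_stolen_credential")

        # Decision: hard block on rate limit or stolen credentials; step-up auth on softer signals.
        if "rate_limited" in flags or "known_stolen_credential" in flags:
            decision = "block"
        elif flags:
            decision = "step_up"
        else:
            decision = "allow"
        return user, decision, flags


# Constructed sample login events (timestamps in seconds, addresses from documentation ranges).
SAMPLE_EVENTS = [
    {"ts": 0, "user": "alice", "password": "correcthorse", "ip": "203.0.113.5",
     "country": "US", "user_agent": "Mozilla/5.0"},
    {"ts": 5, "user": "bob", "password": "hunter2", "ip": "198.51.100.7",
     "country": "GB", "user_agent": "Mozilla/5.0"},
    {"ts": 10, "user": "alice", "password": "Winter2016!", "ip": "203.0.113.9",
     "country": "BR", "user_agent": "python-requests/2.9"},
] + [
    {"ts": 20 + i, "user": "bob", "password": f"guess{i}", "ip": "203.0.113.20",
     "country": "DE", "user_agent": "curl/7.47"}
    for i in range(6)
]


def run(events):
    """Assess a list of events in order; returns a list of (user, decision, flags)."""
    monitor = LoginRiskMonitor()
    return [monitor.assess(e) for e in events]


if __name__ == "__main__":
    for user, decision, flags in run(SAMPLE_EVENTS):
        print(f"{user:6} {decision:8} {','.join(flags) or '-'}")
```

In the sample stream the first event is clean and allowed, the second comes from the anonymising range and is sent to step-up authentication, the third combines a stolen credential pair with an unexpected country and a scripted client and is blocked outright, and the burst of scripted guesses against `bob` trips the per-account rate limit on the sixth attempt inside the window. The thresholds and signals are placeholders; the point is that each of Mantin's measures becomes a concrete, testable rule rather than a policy statement.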