Breach of Oracle's Micros POS System Could Be Far-Reaching

NEWS ANALYSIS: Oracle's POS platform was revealed to be at risk, possibly giving attackers a backdoor to thousands of systems. The breach was not surprising to security experts.

Retail POS security

Point-of-sale malware is nothing new, but on Aug. 8, news of a potentially extensive POS breach came out. Oracle's Micros POS system was breached, which could have widespread implications for the retail industry. The breach was first reported by Krebs on Security and confirmed by Oracle in a letter sent to its Micros customers.

"Oracle Security has detected and addressed malicious code in certain legacy MICROS systems," the letter states. "Oracle's corporate network and Oracle's other cloud and service offerings were not impacted by this code."

Oracle acquired Micros in June 2014 for $5.3 billion and has since continued to build and develop the POS software platform. The Micros platform is used at approximately 330,000 customer sites around the world, making it one of the most widely used POS systems.

Oracle's letter to customers noted that the Micros system uses encryption for customer data at rest and in motion, which helps protect organizations and limit risk. Oracle is also advising Micros customers to reset passwords on their Micros accounts to help mitigate any potential impact of the breach.

The Micros breach wasn't surprising to security experts whom eWEEK contacted.

Nathan Wenzler, principal security architect at AsTech Consulting, commented that POS deployments have long been an area of security concern, as they are often not considered to be like other "normal" workstations or servers despite often running modified versions of the same operating systems.

"The attack chain described so far is an incredibly common one: compromise a single system, use it as a beachhead to compromise more systems, gain credentials of any sort and then use those to further compromise more systems," Wenzler told eWEEK.

While it's just another breach of a POS system, the Micros breach could be far-reaching, given the scope, depth and breadth in which Micros platforms have been deployed, said Chris Roberts, chief security architect at security vendor Acalvio.

"So many of us travel; the industry is huge, and to have one of the largest POS manufacturers in that industry so completely hacked is a major issue," Roberts told eWEEK.

The obvious unanswered questions now are about the precise origin of the attack and how long the attackers were present in the system, he said.

While it's not yet clear how the breach happened, it's possible to speculate based on how past POS breaches have occurred.

The most likely situation is that there was a compromise of credentials that allowed access to the customer support portal for the Micros systems, Wenzler said. Once access to the customer portal backend was achieved, the attackers could easily deploy malware to steal the credentials of customers as they logged in.

"No matter what the initial attack vector was to break into the first system, gaining access to credentials was likely the ultimate goal and method used to breach these systems and install malware to begin to scrape data, gain credit card information or attack other connected systems," Wenzler said.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.