Oracle Micros breach highlights PoS and supply chain security risks

Oracle Micros breach shows supply chain and point of sale systems continue to be popular avenues of attack for cyber criminals

A cyber breach at Oracle’s Micros point of sale (PoS) division highlights the security vulnerability in the supply chains of large organisations, say industry experts.

Oracle is urging Micros customers to change their passwords and any passwords used by Micros representatives to access their on-premise systems.

The company said it had discovered a breach in its Micros division, but had dealt with malware discovered in some legacy systems.

Oracle said its corporate network and other cloud and service offerings were not affected by the breach and that all payment card data is encrypted at rest and in transit.

According to security blogger Brian Krebs, who was the first to report the breach, it appears that the Carbanak cyber criminal gang managed to breach around 700 computer systems at Oracle.

In 2015, the gang was linked to the theft of up to $1bn from banks, e-payment systems and financial institutions in around 30 countries, with losses in the UK reportedly running into tens of millions.

Citing anonymous sources, Krebs said the breach is believed to have started with a single infected system inside of Oracle’s network that was then used to compromise additional systems, including a support portal used to help Micros customers remotely troubleshoot problems with their PoS systems.

The sources also said the intruders installed malware on the support portal, and that the malware allowed the attackers to steal Micros customer usernames and passwords.

Supply chain favoured by attackers

Micros is among the top three PoS suppliers globally, with its systems used by more than 330,000 cash registers worldwide.

Krebs said Oracle’s statement indicates that the company is concerned that compromised credentials could be used to remotely administer or upload card-stealing malware to customer PoS systems.

Shai Gabay, chief innovation officer at security firm Cyberbit, said the breach once again demonstrates that the supply chain is a favourite route of attack, especially for larger organisations.

“Large organisations are often required to support remote maintenance services, but we see that they lack sufficient mechanisms to control them,” he said.

In 2015, almost two-thirds of data breaches at retailers were linked to compromises of PoS systems, according to the 2016 Verizon Data Breach Investigations Report (DBIR).

Gabay said it is usually easier to hack the suppliers in a supply chain first because they are typically small, vulnerable and less protected companies.

“It is an easy gateway to enter into the network of larger, well-protected enterprises,” he said, as shown by the 2013 attack on US retailer Target, which was compromised through a supplier.

The attackers were then able to install malware on Target’s PoS systems to steal customer data and payment card details from millions of customers.

Compromised PoS systems and supply chain breaches have also been linked to data breaches at other US retailers and hotel groups including Home Depot, the Mandarin Oriental hotel group, the Hilton Worldwide hotel chain, and the Trump Hotel Collection.

Gabay said that to gain more control of remote maintenance services, organisations need to use proxy isolation to prevent suppliers from accessing their network and uploading files that spread malware.

“Organisations also need to manage and enforce strict password policies for third-party suppliers, continuously monitor privileged user accounts and perform full audits of supplier activities,” he said.

Adam Levin, chairman and founder of security firm IDT911, said it is not unreasonable to assume that many PoS systems have become points of sabotage for cyber criminals.

“While it is imperative that Micros customers change all log-in credentials, it is also important for consumers to carefully check their credit and debit accounts often for any indication that their payment cards have been compromised,” he said.
