GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View flipbook of this issue

Care to Share?

Table of Contents

Lead Story

Mobile gaining ground in stores

Ann Train


Industry Update

CVS Pay joins mobile payment roster

Walgreens rewards Android, Apple users

Oracle fails to predict, prevent POS breach

NFC a bargaining chip for Apple, Australian banks


PayPal and Square: Q2 2016 earnings

Payments maintains strong presence on Inc. 5000

Mobile debit shift


Virtual cards deserve a place among healthcare payment choices

Jeffrey W. Brown

No cash? No checks? Nonsense.

Patti Murphy
ProScribes Inc.


Street SmartsSM:
To own or not to own the POS system sales process

John Tucker
1st Capital Loans LLC

Selecting the right ISO partner

Aaron Nasseh
Finical Inc.

Become an agent of change in payments

Jeff Fortney
Clearent LLC

Payfac: Fad or new norm?

Adam Atlas
Attorney at Law

Is it time to hunt for greener pastures?

Steven Feldshuh
Merchants' Choice Payment Solutions East

Company Profile

Forte Payment System

New Products

Comprehensive POS, business management

Groovv POS
Total Merchant Services Inc.

Compact mag stripe, smart card, contactless reader

UniPay III
International Technologies and Systems Corp.


Qualify prospects, save time


Letter from the editors

Readers Speak

Resource Guide


A Bigger Thing

The Green Sheet Online Edition

September 12, 2016  •  Issue 16:09:01

previous next

Oracle fails to predict, prevent POS breach

Following a punishing wave of attacks against POS systems, forensic experts are working with merchants and technology companies to patch vulnerabilities and reach out to millions of potentially affected business owners and consumers. Security analysts have stated that Oracle Corp.'s Micros POS systems, among others, may have become central access points for cybercriminals in these attacks.

The first sign of trouble surfaced Aug. 8, 2016, when Micros, the POS division of Oracle, revealed a malware attack that may have compromised 300,000 Micros payment terminals. Security analyst and investigative reporter Brian Krebs initially reported the incident, attributing the hack to a Russian group, alternatively known as the Carbanak Gang and Anunak. The criminals allegedly exploited a vulnerability in Oracle's customer support portal, where they stole customers' login credentials to gain entry to a large population of Micros POS terminals.

Cybercriminals armed with login credentials can exploit a range of banking, credit card and personal accounts. This approach has been successfully deployed against Micros and five other prominent POS brands. New revelations surfaced Aug. 11 that Cin7, ECRS, NavyZebra, PAR Technology Corp. and Uniwell Corp. have reportedly found anomalies in their internal systems and backend technology.

Too little, too late

"Oracle is no stranger to cybersecurity issues," said John Wethington, Vice President of Americas at Ground Labs Pte. Ltd., an international security company with offices in Austin, Texas; Dublin; and Singapore. "[The Micros hack] blows the doors open to what we've said all along: It only takes one POS entry point for an entire system to be compromised."

Wethington noted that many malware tools, readily available on the Dark Web, are designed to scrape payment card data. "Cybercriminals establish a footprint within POS systems they've exploited; they can use the login credentials as a pivot point to attack customers internally, because they're on the other side of the firewall," he said. "Now they can leap off the POS platform to dig into untold terabytes of data."

Oracle advised all its customers to change their passwords, a move Wethington and others compare to closing the barn door after the cows get out. "Oracle took two days before acknowledging the hack," he said. "Originally, they thought it was just the support team that was compromised. But criminals used Oracle as a doorway into 300,000 businesses, putting millions of end points at risk."

Lessons learned, actions taken

In its statement to the press, Oracle confirmed that credit card data in its systems is encrypted during transmittal and at rest. While this was somewhat reassuring to potentially affected merchants, analysts are advising everyone to be especially vigilant in the coming months for spikes in credit card volumes and signs of fraudulent activity. Following are additional recommendations from security experts:

Bracing for impact

Gartner Inc. analyst Avivah Litan speculated that the Micros data breach may be connected to recent cybersecurity attacks in retail and hospitality sectors. While no one has tied these hacks to any one service provider, Litan said, "There's a big chance that the hackers in this case found a way to get remote access," thereby initiating the recent string of high-profile data breaches.

Oracle emphasized that none of its corporate networks, cloud services or ancillary networks have been compromised. However, many of the details of the incident, including when the attack was initiated, have yet to be revealed. Much of the software used by fraudsters also contains remote administrative access tool kits with "call home" features that link malware to remote command centers, subjecting it to further commands and downloads, Wethington noted.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

USAePay | Impact Paysystems | Electronic Merchant Systems | Inovio | Board Studios, Inc.