Oracle’s point-of-sale division MICROS has been hit by a data breach affecting hundreds of computer systems.
The attackers also compromised a customer support portal for companies using the credit card payment systems, the security blog KrebsOnSecurity found.
It is believed that the intrusion impacted over 700 systems.
The portal was seen communicating with a server used by the Carbanak gang. It is a multinational gang from Russia, Ukraine, China and other parts of Europe.
Oracle told KrebsOnSecurity that it had addressed the problems with malicious code in MICROS systems, with all customers also asked to reset their passwords for the online support portal.
According to the site’s sources, the breach most likely began with a single infected system which then spread the infection to additional systems, including a customer ticketing portal used by MICROS customers.
Oracle bought MICROS in 2014. Its point-of-sale systems are used at more than 330,000 cash registers around the world across industries such as retail and hospitality.
Carbanak has previously been implicated in major cyber attacks. In February 2015 it was revealed that Carbanak had attempted to attack up to 100 banks, e-payment systems and financial institutions in around 30 countries including the UK, the USA, China, Russia, France and Germany.
The attacks focus on stealing money directly from banks or financial service providers rather than end users.
Point-of-sale systems are considered a key target for hackers in the future who wish to attain credit card information. In Verizon’s Data Breach Investigations Report, the company found that there had been 534 total incidents of attacks on point-of-sale systems and 525 with confirmed data disclosure.
Once malware is loaded onto the devices, attacks may be able to remotely capture data from cards swiped at the register. This data could then be used by the attackers to spend the victim’s money.
