{"id":51894,"date":"2016-08-09T09:11:23","date_gmt":"2016-08-09T16:11:23","guid":{"rendered":"https:\/\/blogs.mcafee.com\/?p=51894"},"modified":"2025-08-15T03:28:46","modified_gmt":"2025-08-15T10:28:46","slug":"oracle-micros-incident-2016","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/internet-security\/oracle-micros-incident-2016\/","title":{"rendered":"Another Day, Another PoS Hack. What Makes the Micros Incident Different?"},"content":{"rendered":"

Motivated by money, cybercriminals are always chasing where it goes. That greed has now led them to where transactions are most concentrated: point-of-sales systems. These types of attacks have been prominent in the news lately, with the cases of Wendy\u2019s<\/a> and Omni Hotels. But today, we have news of criminals going one step further\u2014infiltrating Oracle\u2019s technology that powers many companies\u2019 point-of-sales (PoS) systems<\/a>: the Micros PoS system.<\/p>\n

The effects of this attack could be quite largescale. That\u2019s because most businesses don\u2019t create their own infrastructure for credit card payments, opting instead to buy products for handling those transactions from a technology company. So top vendors, such as Oracle\u2019s Micros, can service up to hundreds of thousands of PoS systems. Those numbers are sure to draw the attention of cybercriminals.<\/p>\n

According to Brian Krebs’ report<\/a>, after their interest was piqued, crooks began this particular attack at Oracle\u2019s customer support portal. At the portal login, the organized cybercrime ring inserted malicious code, allowing them to steal the usernames and passwords of business accounts. With that information, perpetrators can gain remote access and manipulate PoS systems around the world.<\/p>\n

That\u2019s certainly not a good situation, but there is a silver lining. People\u2019s payment data is not at risk\u2014there\u2019s no need to worry about attackers having your credit card numbers. As Oracle explained via email, \u201cpayment card data is encrypted both at rest and in transit in the Micros hosted customer environments.\u201d<\/p>\n

What is at stake, however, is not yet clear. The vulnerability was very recently discovered, and investigators are still mapping out the full implications. Oracle has asked its Micros customers to change their passwords, but we\u2019re still waiting to see what follows. In the meantime, this incident should remind everyone to be careful with their financial data.<\/p>\n

Security Tips to Protect Your Financials<\/h2>\n

Here are some security tips for all of us, to keep our financials on lockdown:<\/p>\n