Oracle MICROS POS reviews
NEWS ANALYSIS: Oracle's POS platform was revealed to be at risk, possibly giving attackers a backdoor to thousands of systems. The breach was not surprising to security experts.
Point-of-sale malware is nothing new, but on Aug. 8, news of a potentially extensive POS breach came out. Oracle's Micros POS system was breached, which could have widespread implications for the retail industry. The breach was first reported by and confirmed by Oracle in a letter sent to its Micros customers. "Oracle Security has detected and addressed malicious code in certain legacy MICROS systems, " the letter states. "Oracle's corporate network and Oracle's other cloud and service offerings were not impacted by this code." Oracle acquired Micros in June 2014 for $5.3 billion and has since continued to build and develop the POS software platform. The Micros platform is used at approximately 330, 000 customer sites around the world, making it one of the most widely used POS systems. Oracle's letter to customers noted that the Micros system uses encryption for customer data at rest and in motion, which helps protect organizations and limit risk. Oracle is also advising Micros customers to reset passwords on their Micros accounts to help mitigate any potential impact of the breach. The Micros breach wasn't surprising to security experts whom eWEEK contacted. Nathan Wenzler, principal security architect at AsTech Consulting, commented that POS deployments have long been an area of security concern, as they are often not considered to be like other "normal" workstations or servers despite often running modified versions of the same operating systems. "The attack chain described so far is an incredibly common one: compromise a single system, use it as a beachhead to compromise more systems, gain credentials of any sort and then use those to further compromise more systems, " Wenzler told eWEEK. While it's just another breach of a POS system, the Micros breach could be far-reaching, given the scope, depth and breadth in which Micros platforms have been deployed, said Chris Roberts, chief security architect at security vendor Acalvio. "So many of us travel; the industry is huge, and to have one of the largest POS manufacturers in that industry so completely hacked is a major issue, " Roberts told eWEEK. The obvious unanswered questions now are about the precise origin of the attack and how long the attackers were present in the system, he said. While it's not yet clear how the breach happened, it's possible to speculate based on how past POS breaches have occurred.