As first reported by Brian Krebs, “a Russian organized cybercrime group known for hacking into banks and retailers appears to have breached hundreds of computer systems at software giant Oracle Corp.”
According to the report, “the attackers compromised a customer support portal for companies using Oracle’s MICROS point-of-sale credit card payment systems.”
The breach comes at a time of year when the focus is not usually on POS systems. This is a clear sign that attackers take advantage of distraction and confusion when planning their campaigns. We have seen a barrage of activity within the healthcare and finance communities recently, with a string of ransomware attacks. This has definitely been a distraction for the POS industry.
Normally, POS and retail/hospitality systems enter the spotlight around the holiday-freeze period in the fall, when systems are stressed and known vulnerabilities are easier to exploit. Summer is an atypical time for POS to be targeted. This shows us that there is still a need for continuous risk measurement and security vigilance.
The attack on a large supply chain is a sign that attackers will seek out vulnerabilities within systems that are indirectly related to the main POS operations. Attackers can then use those vulnerabilities as a conduit to the greater ecosystem. This is quite common with POS attacks.
This latest attack represents a typical way that attackers operate: following the path of least resistance. In this case, they chose a different entry point to the data by targeting a vulnerability present in the supply chains of large service organizations.
Having all POS customers change their passwords will not necessarily address the root cause of the attack. The attackers may still have another way into the system through which they are stealing critical data.
Recommendations based on the outcome of this breach:
Apply security control measures via a framework that ensures the controls on all POS systems and infrastructure are effective.
Industries using POS need to bridge the gap between security controls and the frameworks that are used to provide measurable security enforcement. There are basic IT security audit steps that can help security teams measure the security posture across the organization. Most of the POS systems in question in this attack would probably fall under the scope of the PCI Data Security Standard. PCI DSS is a good baseline standard to help get systems in check and provide both risk posture and security control assurance for affected systems. If the principles, security requirements and best practices of PCI policies are being applied and measured correctly, there is better assurance that the systems are protected. The most recent version of the PCI standard, version 3.2, if implemented with current best-of-breed security technology, would have helped with this breach.
Practice “Zero-Trust” where possible.
A “zero-trust” security posture applied to all corporate systems would help defend against these types of exploits. Large systems, such as the MICROS supply chain, can be very noisy with event information. Systems that focus on what the endpoints should be doing, rather than analyzing everything, can help prevent similar breaches.
Take advantage of collective defense and protection policy.
In the case of the MICROS breach, the underlying problem is that malware was able to execute and do “something” for a period of time. The real damage caused may take some time to uncover. If malicious activity can be found sooner, via a policy that is enforced across all systems and using advanced, next-generation attack analytics on threats, then breaches like these may be less frequent.
The Cb Endpoint Security Platform is a proven, easy-to-use security and compliance endpoint solution that will grow with you, multiply the effectiveness of existing compliance and security tools, and minimize your organization’s attack surface. Click here to learn more about how Carbon Black can help protect your systems.