Visa has issued a security alert related to the recent hack of an online portal supporting merchants using Oracle's MICROS point-of-sales systems. The alert includes a list of Internet addresses believed to have been used in the attack, a list Oracle itself has yet to release, according to KrebsOnSecurity.
Visa's alert also urged merchants using MICROS systems to change their system passwords and check machines for malicious software and unusual network activity, Krebs reported.
- Oracle declined to answer questions from KrebsOnSecurity about the address list or its ongoing investigation into the hack.
Days after first reporting on the Oracle customer portal hack, KrebsOnSecurity published an exhaustive follow-up enthralling both in its level of detail and in how it highlights how relatively little Oracle has done to illuminate what actually happened, how it happened, who was responsible for it and, most importantly, whether or not information gained during the attack may have been used to plant POS malware that could steal customer data from impacted systems.
The publication of the Internet address list involved is significant because it can provide clues as to who orchestrated the attack, and in this case, some addresses point to a well-known Eastern European hacker group. Why Oracle didn't release this information itself is unclear and disconcerting.
The Visa alert goes even further to mention a specific type POS malware, MallumPOS, which is designed to target the MICROS POS platforms—still more information that Oracle hasn't seen fit to release.
Visa is looking after its merchant customers, while Oracle is leaving those same customers in the dark. MICROS is a very widely deployed POS system, used by more than 330,000 merchant locations, more than 100,000 of which are retailers. How well will all those merchants remember Oracle's response—or lack of response—to this breach when it comes time to invest in another POS system?