Oracle’s Point-of-Sale System Data Breached

This week we hear about how Oracle’s point-of-sale system data was breached and how the ‘Project Sauron’ espionage malware was discovered.

Breach

Oracle’s Point-of-Sale System Data Breached

Software giant Oracle Corp. has confirmed that its MICROS point-of-sale credit card payment system was breached. The investigation verified that its customer support portal had been accessed by the Carbanak Gang, a Russian cybercrime group known for hacking into banks and retailers. Oracle’s MICROS point-of-sale systems are used at over 330,000 cash registers worldwide, and although the extent of the damage is unclear, network investigations have revealed that it has impacted over 700 systems.

References: Data Breach At Oracle’s MICROS Point-of-Sale Division | Oracle investigating data breach at Micros point-of-sale division | Hack Brief: Hackers May Have Breached Oracle’s Cash Register System

Mitigation Strategies:

Malware

‘Project Sauron’ Espionage Malware Discovered

A sophisticated form of espionage malware was recently detected, and it’s so advanced that security researchers believe it could have been designed by a state-sponsored group. It’s referred to by several names, such as “Strider” (Aragorn’s nickname in Lord of the Rings), “Remsec,” and “Project Sauron.”

Project Sauron has been around since 2011, but was only recently discovered because the malware did not reuse recognizable patterns, which is how security experts typically identify malware. The malware has the ability to log keystrokes, steal files, and open a “back door” to access and compromise a computer.

References: 'Project Sauron' Malware Hidden for Five Years | Researchers Discover Advanced Cyber-Espionage Malware | Strider Hackers in Highly-Targeted 'Espionage' Malware Campaign

Mitigation Strategies:

  • Intrusion detection system (IDS) signatures would detect intrusion and network anomalies
  • Netflow traffic may also reveal outbound connections to countries you may not do business in, which may be an indicator of malicious activity
  • A Security Operations Center (SOC) team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection.
  • A file integrity monitoring (FIM) solution would detect any type of file modification or addition
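To make the netflow bullet above concrete, here is an added example that is not part of the original digest: it scans flow records for outbound connections to countries outside a business allowlist and totals the bytes per destination. The prefix-to-country table, the allowlist and the flow lines are all constructed for illustration (a real deployment would query a GeoIP database such as MaxMind GeoLite2 and read real exporter output).

```python
import ipaddress
from collections import defaultdict

# Constructed, hypothetical prefix -> country table standing in for a GeoIP
# database. These are documentation ranges (RFC 5737), not real allocations;
# "ZZ" is a placeholder code for a country outside the allowlist.
GEO_PREFIXES = {
    "203.0.113.0/25": "US",
    "203.0.113.128/25": "DE",
    "198.51.100.0/24": "ZZ",
}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")

# Countries this hypothetical business actually transacts with.
ALLOWED_COUNTRIES = {"US", "DE", "GB"}

# Constructed NetFlow-style export lines: src_ip,dst_ip,dst_port,bytes
SAMPLE_FLOWS = """\
10.1.4.22,203.0.113.8,443,18220
10.1.4.22,203.0.113.200,443,9021
10.1.9.5,198.51.100.33,8443,512000
10.1.9.5,198.51.100.33,8443,498000
10.2.0.14,192.0.2.9,53,1400
203.0.113.8,10.1.4.22,443,3200
"""

def country_of(ip):
    """Longest-match-free lookup: first matching prefix wins; '??' if unmapped."""
    addr = ipaddress.ip_address(ip)
    for prefix, cc in GEO_PREFIXES.items():
        if addr in ipaddress.ip_network(prefix):
            return cc
    return "??"  # unmapped destinations are still worth an analyst's look

def suspicious_outbound(flow_text, allowed=ALLOWED_COUNTRIES):
    """Return {(dst_ip, country): total_bytes} for internal -> external flows
    whose destination country is outside the allowlist (or unmapped)."""
    totals = defaultdict(int)
    for line in flow_text.strip().splitlines():
        src, dst, _port, nbytes = line.split(",")
        if ipaddress.ip_address(src) not in INTERNAL:
            continue  # inbound flow; only the outbound direction matters here
        cc = country_of(dst)
        if cc not in allowed:
            totals[(dst, cc)] += int(nbytes)
    return dict(totals)

if __name__ == "__main__":
    hits = suspicious_outbound(SAMPLE_FLOWS)
    for (dst, cc), total in sorted(hits.items(), key=lambda kv: -kv[1]):
        print(f"{dst:16} {cc}  {total:>9} bytes outbound")
```

Sorting by byte volume surfaces the large transfer to the unlisted country first, which is the kind of exfiltration signal the bullet describes.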

Top 20 IP Addresses


*IP addresses provided by Recorded Future.