Product Architect ,
August 21, 2019
This particular vulnerability stems from the use of an outdated CMS. As with many such technologies, there is a supporting structure of frameworks that must be taken into account when they are deployed and maintained. In this instance the exploit appears to have been planted via an outdated version of Drupal.
The core lessons that should be taken from this hack:
Advice for technology creators:
When creating technology, always be sure there is a strong patching policy for any framework being used. The Drupal instance on their website seems to be the main attack point here; the exploit works in any browser on the same system, not just PokerTracker's in-built browser.
Always be wary of installing software from sources that are not entirely trusted. Just because you have to pay for software doesn't mean there is a development team ready and waiting to support and patch it. According to Malwarebytes, "they rapidly identified the issue and removed the offending Drupal module"; this is a good response from PokerTracker. An independent third-party review of their technology and a more proactive patching policy may have stopped this exploit before it became an issue.
Advice for users:
Always be wary of software running on your device, especially if it is a device you use for processing transactions and gaming.
Have a proactive blocking system installed and keep its signatures updated. This is a good advertisement for Malwarebytes, as their blocking worked as intended on a previously flagged domain. Windows Defender has also come on leaps and bounds since its initial release and could also be considered.
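To make the "blocking on a previously flagged domain" point concrete, here is an added example (not code from the original commentary, Malwarebytes, or PokerTracker) of the core of such a blocking system: a domain blocklist that accepts signature updates, matches a request's host against flagged domains and their subdomains, and triages constructed web-proxy log lines. The domains, log format and log lines are all constructed for illustration.

```python
"""Minimal domain-blocklist check of the kind a proactive blocking product
performs. Added example; all domains and log lines below are constructed."""
from dataclasses import dataclass, field
from typing import Iterable, List, Optional, Set, Tuple
from urllib.parse import urlsplit


@dataclass
class Blocklist:
    """Set of flagged domains. A flagged entry also covers all of its subdomains,
    so a signature for 'flagged-cdn.test' blocks 'static.flagged-cdn.test'."""
    domains: Set[str] = field(default_factory=set)

    def update(self, new_signatures: Iterable[str]) -> int:
        """Merge a signature update (one domain per entry); returns how many were new.
        Entries are normalised (lower-case, trailing dot and whitespace removed)."""
        before = len(self.domains)
        for entry in new_signatures:
            entry = entry.strip().lower().rstrip(".")
            if entry:
                self.domains.add(entry)
        return len(self.domains) - before

    def matches(self, host: str) -> Optional[str]:
        """Return the flagged entry covering host (exact match or a parent domain),
        or None if the host is not covered."""
        host = host.lower().rstrip(".")
        labels = host.split(".")
        # Walk from the full host up to its parent domains: a.b.c -> b.c -> c
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.domains:
                return candidate
        return None


def host_from_log_line(line: str) -> Optional[str]:
    """Extract the request host from a constructed proxy log line of the form
    '<timestamp> <client-ip> <method> <url> <status>'."""
    parts = line.split()
    if len(parts) < 4:
        return None
    return urlsplit(parts[3]).hostname


def triage(blocklist: Blocklist, lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (host, matched signature) for every log line whose host is flagged."""
    hits = []
    for line in lines:
        host = host_from_log_line(line)
        if host is None:
            continue
        matched = blocklist.matches(host)
        if matched is not None:
            hits.append((host, matched))
    return hits


# Constructed signature feeds: an initial set and a later update.
INITIAL_SIGNATURES = ["flagged-cdn.test", "Another-Flagged.test."]
SIGNATURE_UPDATE = ["flagged-cdn.test", "newly-flagged.test"]

# Constructed proxy log lines: a legitimate page load, a script pulled from a
# flagged domain's subdomain, and a host that merely contains a flagged name.
SAMPLE_LOG = [
    "2019-08-20T10:02:11Z 10.0.0.5 GET https://www.example-site.test/index.php 200",
    "2019-08-20T10:02:12Z 10.0.0.5 GET https://static.flagged-cdn.test/lib.js 200",
    "2019-08-20T10:02:13Z 10.0.0.5 GET https://notflagged-cdn.test/ok.js 200",
]


def demo() -> List[Tuple[str, str]]:
    """Build the blocklist, apply the update, and triage the sample log."""
    blocklist = Blocklist()
    blocklist.update(INITIAL_SIGNATURES)
    blocklist.update(SIGNATURE_UPDATE)
    return triage(blocklist, SAMPLE_LOG)


if __name__ == "__main__":
    for host, signature in demo():
        print(f"BLOCK {host} (matched signature {signature})")
```

The suffix walk in `matches` is what makes the "previously flagged domain" rule useful in practice: attackers commonly serve from a subdomain of a flagged domain, while a host that only contains the flagged string (`notflagged-cdn.test`) must not be caught. The `update` return value gives a cheap way to verify that a signature refresh actually brought in new entries.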
With the likes of virtual/disposable payment cards becoming more accessible, payment methods should be rotated and recycled where possible. Revolut and Monzo support this feature. Taking this proactive step earlier in the payment process adds a safety net for users in case card data is compromised.