Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Tyler Technologies Says Customers Reported Suspicious Logins

Tyler Technologies, a major provider of software and services for state and local governments in the United States, has advised customers to reset remote network access passwords after a couple of customers reported suspicious logins.

Tyler Technologies, a major provider of software and services for state and local governments in the United States, has advised customers to reset remote network access passwords after a couple of customers reported suspicious logins.

Tyler recently launched an investigation after its internal corporate network was hit by ransomware. It’s currently unclear if the suspicious logins are related to the recent ransomware incident, but as a precaution the company has advised clients who haven’t already done so to reset the passwords that Tyler staff use to remotely access their network and applications.

“We recently learned that two clients have reported suspicious logins to their systems using Tyler credentials. Although we are not aware of any malicious activity on client systems and we have not been able to investigate or determine the details regarding these logins, we wanted to let you know immediately so that you can take action to protect your systems,” Matt Bieri, the CIO of Tyler Technologies, told customers.

“Although we do not have enough information to know whether this evening’s reports of suspicious activity are related to the ongoing investigation of unauthorized access to Tyler’s internal systems, we believe precautionary password resets should be implemented,” he added.

In updates posted on its website over the weekend, Tyler said it became aware of unauthorized access to some of its internal systems, including phone and IT systems, early in the morning of September 23. Some systems were shut down and an investigation was launched.

The company has confirmed being targeted with a piece of ransomware — it was the RansomExx ransomware according to some reports — but it’s not sharing additional technical information due to its ongoing investigation. An investigation is also being conducted by law enforcement.

The operators of the RansomExx ransomware are not known to steal data from targeted organizations, and Tyler says it has found no evidence that the environment hosting customer systems, which is separate from the corporate network, was also impacted.

Tyler has also responded to reports that some customers were unable to make court and utility payments due to the incident. The firm claims it has reviewed logs and it has found no evidence of disruption to payment services.

Advertisement. Scroll to continue reading.

Some have also raised concerns related to the election-related services provided by the company to governments, and potential impact on elections resulting from this incident. However, Tyler pointed out that it does not make actual election software. Its Socrata open data platform can be used to post election results, promote campaign finance transparency, or post information on polling, but in reality very few use it for this purpose.

“Tyler’s Socrata product is a SaaS data platform that is hosted offsite on AWS (Amazon Web Services), not on Tyler’s internal network that was impacted. We have never had a report that a bad actor has used our Socrata platform to display incorrect or misleading election results, polling locations, campaign finance information, or other civic data,” Tyler said.

Related: University Project Tracks Ransomware Attacks on Critical Infrastructure

Related: Ransomware Disrupts Production at Australian Beverage Company Lion

Related: Data Center Provider Equinix Hit by Ransomware

Related: Development Bank of Seychelles Hit by Ransomware

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...