Tuesday, September 29, 2020

The Tale Of The Electoral College: The Predictive Modeling Crappers Of Tyler Are Not Having A Very Good Lead Up To The Presidential Election - "Drats, Hacked Again"

Tyler Technologies is not in a happy place at the moment, but I am having a schadenfreude moment, so it does not matter.

Now, I want to know about these databases and if there are any land patents with fancy financial instruments associated, because this is what I call some serious gerrymandering, because you know you have to have your human asset management databases up to date before you run your magical plans for the outcome of an election, at least 30 days before the election, to make sure you got your psephological, resegregationary #coloredrevolution fairy talking points polished.

NOTE TO SELF: COME UP WITH A MODERN SOOTHSAYING AI TERM FOR GERRYMANDERING & ITS DIRTY DATA CENSUS OPS

Suspicious logins reported after ransomware attack on US govt contractor

Ransomware attack on Tyler Technologies is looking worse by the day.

Customers of Tyler Technologies, one of the biggest software providers for the US state and federal government, are reporting finding suspicious logins and previously unseen remote access tools (RATs) on their networks and servers.

The reports come days after Tyler Technologies admitted last week to suffering a ransomware attack.

The Texas-based company said that an intruder gained access to its internal network on the morning of Wednesday, September 23.

The intruder installed ransomware that locked access to some of the company's internal documents.

Tyler initially played down the incident

Tyler played down the incident and said that only its internal corporate network and phone systems were impacted.

Its cloud infrastructure, where the company hosts its customer-facing applications, was not impacted, the company said in a statement published on its website and via emails sent to customers last week.

But over the weekend, the situation changed as Tyler made headway investigating the incident. The company changed its statement on Saturday.

"Because we have received reports of several suspicious logins to client systems, we believe precautionary password resets should be implemented," the company said.

"If clients haven't already done so, we strongly recommend that you reset passwords on your remote network access for Tyler staff and the credentials that Tyler personnel would use to access your applications, if applicable." [emphasis Tyler's]

Customers report remote access tools on their servers

At the same time, some of Tyler's customers also reported seeing new software installed on their systems.

"If you're a Tyler customer check your servers for Bomgar that they installed," wrote one of many users on Reddit over the weekend.

A similar report followed on Monday from cyber-security training outfit SANS.

"One of our readers, a Tyler Technologies's customer, reported to us that he found this morning the Bomgar client (BeyondTrust) installed on one of his servers," said Xavier Mertens, one of the SANS ISC handlers.

According to users, Tyler uses the Bomgar client to manage its servers, but some reports claim the software was not installed prior to this weekend, prompting some to panic.

While Tyler insists in its updated statement that the attack was aimed at its internal system, customers now believe attackers might have gained access to passwords for Tyler's web-hosted infrastructure that were stored on the company's local network — and attackers are now escalating access to Tyler's client networks.

While the Tyler Technologies name might not say anything to the regular American, the ransomware attack on this company's network might quietly become one of the biggest cyber-attacks of the year, if indeed attackers gained access to passwords for customer networks and the Reddit and SANS reports aren't isolated cases.

According to its website, Tyler provides more than 50 types of web-based applications to the US public sector, such as student and school management software, public transport management solutions, jail management, courts and jury management systems, cyber-security solutions, tax and billing software, fire and EMS solutions, and entire city staff management systems, known as "Munis," just to name a few.

According to Reuters, which first broke the story about the ransomware attack, some of Tyler's software is also scheduled to be used in the upcoming US presidential election — for aggregating voting results from other sources into central dashboards.

The gang behind the Tyler attack was identified as the RansomExx group.

~~~~~~~~~~~~~~~~~~

Government software provider Tyler Technologies hit by ransomware

Leading government technology services provider Tyler Technologies has suffered a ransomware attack that has disrupted its operations.

Tyler Technologies is one of the largest U.S. software development and technology services companies dedicated to the public sector.

With a forecasted $1.2 billion in revenue for 2020 and 5,500 employees, Tyler Technologies provides technical services for local governments in many states in the USA.

Starting earlier today, Tyler Technologies' website began to display a maintenance message, and their Twitter account tweeted that they were having technical difficulties.

In an email seen by BleepingComputer, Tyler Technologies CIO Matt Bieri emailed clients stating that they are investigating a cyberattack and have notified law enforcement.

"I am writing to make you aware of a security incident involving unauthorized access to our internal phone and information technology systems by an unknown third party. We are treating this matter with the highest priority and working with independent IT experts to conduct a thorough investigation and response."

"Early this morning, we became aware that an unauthorized intruder had disrupted access to some of our internal systems. Upon discovery and out of an abundance of caution, we shut down points of access to external systems and immediately began investigating and remediating the problem. We have since engaged outside IT security and forensics experts to conduct a detailed review and help us securely restore affected equipment. We are implementing enhanced monitoring systems, and we have notified law enforcement," Bieri stated in an email to clients.

Bieri also stated that current investigations indicate that the attack was limited to Tyler Technologies' local network.

In posts to the Municipal Information Systems Association of California (MISAC) forum shared with BleepingComputer, local government employees were told that Tyler Technologies suffered a ransomware attack affecting their phone ticketing system and support systems.

"We were told this morning from one of the support techs that they got hit with ransomware early this morning on their corporate networks. Don't have any other details at this point other than support is down until they access their systems," one local municipality employee posted to the MISAC forum.

Another MISAC user stated that they heard the attack was limited to Tyler Technologies' internal network and did not affect clients.

Tyler Technologies hit by RansomExx ransomware
Cybersecurity sources familiar with the attack told BleepingComputer that Tyler Technologies suffered an attack by the RansomExx ransomware.
 
RansomExx is a rebranded version of the Defray777 ransomware and has seen increased activity since June when they attacked the Texas Department of Transportation (TxDOT), Konica Minolta, and most recently IPG Photonics.

While BleepingComputer has not obtained the ransom note, we found an encrypted file uploaded to VirusTotal today related to this attack.

This encrypted file has an extension of '.tylertech911-f1e1a2ac,' which includes Tyler Technologies' name and is the same format used in other RansomExx attacks.

RansomExx does not have a ransomware data leak site, but that does not mean they do not steal unencrypted files before deploying their ransomware.

BleepingComputer has contacted Tyler Technologies with further questions but has not received a response.

Thx to Fate112 for the tip!

Voting is beautiful, be beautiful ~ vote.©