In this day and age, everyone and business is a target. If
you have data, or your operation can be leveraged by shutting people out, which
is nearly every business, you are a target. One of these is Tyler Technologies.
This is a Texas-based company located in Plano. The company claims to be
the largest provider of software and
technology services to the public government. The company sells a wide range of
services to state and local governments. A few of their products are appraisal
and tax software, integrated software for courts and justice systems,
enterprise financial software systems, public safety software, records/document
management software, and others. The company
is very large and is publicly traded as TYL. There is an estimated 5,300 – 5,500
with 2019 revenues of over $1B. Their website is tylertech.com. Their clients
consist of over 15k government offices. The clients are based in the US,
Canada, the Caribbean, and Australia.
Attack
The company was aware of an issue on September 23, 2020.
This appears to have been a ransomware attack. The sources noted the RansomExx
ransomware group did this attack. This group has also been linked to the recent
attacks on the Texas Department of Transportation and Konica Minolta attacks.
The system was successfully attacked and compromised. On the bright side, this
does appear to be limited to the internal systems for the phone and IT systems,
versus every system. Unfortunately, the details of the attack were not
released, however, this does appear to be a ransomware attack.
Post-Detection
The company discovered the unauthorized user on the system. In
a prudent move, they shut down the points of access to external systems. This
was done out of an abundance of caution. This kept the attackers from pivoting
into other areas. After this, they immediately began the investigation. The
company contracted with third-party IT security and forensic experts. They focused
on conducting a complete review. As a result of this, they also implemented enhanced
monitoring systems to verify this activity did not continue. They also contacted
law enforcement.
Effected
The company does not believe any of its client data, client
services, or hosted systems were affected. With certain systems shut down, the
local government’s client’s did not have access to certain services (e.g.
paying their water bill or court payments online). Ironically, Tyler Tech had
used the threat of ransomware as a selling point for many of its services. This
included the ransomware survival guide and the ransomware incident response
checklist. Apparently,
Lessons
You have to maintain a cyber vigilance. That is our environment.
The employees still need the training to recognize ransomware and cybersecurity is
everyone’s problem. When you under-estimate the attacker’s tenacity, you
probably won’t like the results. The employee training needs to be on-going
through the year, not only as part of the mandatory training. When you don’t
emphasize the importance of the employee’s role with keeping the business safe,
their focus will lapse and you’ll be in the news feed, using your own
ransomware response guides.
Resources
Abrams, L. (2020, September 23). Government software
provider tyler technologies hit by ransomware. Retrieved from https://www.bleepingcomputer.com/news/security/government-software-provider-tyler-technologies-hit-by-ransomware/
Bizga, A. (2020, September). Government services firm tyler
technologies hit by ransomware. Retrieved from https://hotforsecurity.bitdefender.com/blog/government-services-firm-tyler-technologies-hit-by-ransomware-24193.html
Johnson, O. (2020, September 23). Tyler technologies suffers
apparent ransomware attack. Retrieved from https://www.crn.com/news/security/tyler-technologies-suffers-apparent-ransomware-attack?itc=refresh
Kovacs, E. (2020, September 24). Government software
provider tyler technologies hit by possible ransomware attack. Retrieved from https://www.securityweek.com/government-software-provider-tyler-technologies-hit-possible-ransomware-attack
Krebs, B. (2020, September 23). Govt. services firm tyler
technologies hit in apparent ransomware attack. Retrieved from https://krebsonsecurity.com/2020/09/govt-services-firm-tyler-technologies-hit-in-apparent-ransomware-attack/
Menn, J. (2020, September 23). Software vendor tyler
technologies tells U.S. local government clients it was hacked. Retrieved from https://www.reuters.com/article/idUSL2NZGK25A?utm_medium=Social
Tyler Technologies. (n.d.). Website unavailable. Retrieved
from https://www.tylertech.com/DesktopModules/EasyDNNNews/DocumentDownload.ashx
No comments:
Post a Comment