September 26, 2020 | software | No Comments
A major software supplier to U.S. city and county governments has been hacked, the company said in an email to government clients.
The Plano, Texas-based Tyler Technologies, which provides software and network services to dozens of counties and cities across the country, became aware of a “security incident” to its information technology systems Wednesday, Chief Information Officer Matt Bieri said in an email to clients reviewed by NBC News.
In an update on its website Thursday, the company said it had been infected with an unnamed strain of ransomware.
The company “is in the process of responding to a security incident involving unauthorized access to our internal phone and information technology systems by an unknown third party,” the site says.
The company focuses on providing administrative and tax services to counties. While it doesn’t directly work in elections software, its products can be used to post information about results and polling place locations, the company said.
And while there is no evidence that the attack has spread to counties that work with Tyler, it provides a fresh warning that election interference can happen in unexpected ways.
Counties usually share all their services, including election systems, on the same network, meaning that a ransomware infection could also make that information inaccessible.
The Cybersecurity and Infrastructure Security Agency, which advises counties and other government entities involved with elections, declined to comment. But in an unrelated joint statement with the FBI on Thursday, the agencies said that “cyber actors continue attempts against election systems that register voters or house voter registration information, manage non-voting election processes, or provide unofficial election night reporting.”
“These attempts could render these systems temporarily inaccessible to election officials, which could slow, but would not prevent, voting or the reporting of results,” the warning said.
Tyler Technologies employees didn’t respond to requests for comment. The company has hired outside security consulting and notified law enforcement, Bieri wrote in his email.
County and local governments have been frequent victims of ransomware in recent years. Federal officials have repeatedly warned that short-staffed counties are particularly easy targets, and that attacks can cause havoc during an election.
Though hackers have little ability to change votes, even knocking electronic poll books offline and forcing a county to use paper backups could drastically increase the time it takes to vote.
Several counties that use Tyler Technologies’ software said they had seen evidence they had been affected with ransomware. Attacking a business that manages software for multiple clients is a common way to spread ransomware.
In June, a file sample named “.tylertech911-f1e1a2ac” was uploaded to VirusTotal, a repository cybersecurity researchers use to share information about malicious software. The naming convention indicates hackers had been using a relatively new strain of ransomware called RansomExx to target Tyler Technologies, Brett Callow, an analyst at the cybersecurity company Emsisoft, said.
“While this does not prove that Tyler Tech was a victim of RansomExx, it’s certainly a strong indicator,” he said.
Such companies “are typically able to remotely access their clients’ networks,” Callow said. When one’s infected with ransomware, “they may be able to exfiltrate and encrypt data on those networks.”
“There have been multiple examples of this type of compromise in the last 12 months,” he said.