Customers of Tyler Technologies, one of the biggest software providers for the US state and federal government, are reporting finding suspicious logins and previously unseen remote access tools (RATs) on their networks and servers.
The reports come days after Tyler Technologies admitted last week to suffering a ransomware attack.
The Texas-based company said that an intruder gained access to its internal network on the morning of Wednesday, September 23.
The intruder installed ransomware that locked access to some of the company’s internal documents.
Tyler initially played down the incident
Tyler played down the incident and said that only its internal corporate network and phone systems were impacted.
Its cloud infrastructure, where the company hosts its customer-facing applications, was not impacted, the company said in a statement published on its website and via emails sent to customers last week.
But over the weekend, the situation changed as Tyler made headway investigating the incident. The company changed its statement on Saturday.
“Because we have received reports of several suspicious logins to client systems, we believe precautionary password resets should be implemented,” the company said.
“If clients haven’t already done so, we strongly recommend that you reset passwords on your remote network access for Tyler staff and the credentials that Tyler personnel would use to access your applications, if applicable.” [emphasis Tyler’s]
Customers report remote access tools on their servers
At the same, some of Tyler’s customers also reported seeing new software installed on their systems.
“If you’re a Tyler customer check your servers for Bomgar that they installed,” wrote one of many users on Reddit over the weekend.
A similar report followed on Monday from cyber-security training outfit SANS.
“One of our readers, a Tyler Technologies’s customer, reported to us that he found this morning the Bomgar client (BeyondTrust)