The cybersecurity space is abuzz with service disruptions, stolen data, account hacks, scams, data breaches, and ransomware attacks. Some of these make headlines every day. No one is secure, be it Ikea, Volvo, critical infrastructure, crypto wallets, or even the Prime Minister of India, whose Twitter account was recently hacked. Both individuals and organizations are targets for threat actors.
Kronos, a workforce management and human capital management cloud provider based in the U.S., was recently attacked by a ransomware gang. The service disruption of its Kronos Private Cloud (KPC) platform resulted in complete chaos at the customers’ end.
Kronos is a popular, widely used HR and payment tool with a huge global customer base.
In a communication sent to impacted KPC customers, the company reported the cybersecurity incident that had disrupted the KPC. Unusual activity affecting the solutions of the parent company, Ultimate Kronos Group (UKG), that use KPC was noticed, and immediate action was taken to investigate and prevent the incident.
The notice said, “It is a ransomware incident affecting the KPC — the portion of our business where UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions are deployed. At this time, we are not aware of an impact to UKG Pro, UKG Ready, UKG Dimensions, or any other UKG products or solutions, which are housed in separate environments and not in the Kronos Private Cloud.”
Services Go Offline
The KPC solutions were unavailable, and customers were requested to evaluate and implement alternative solutions to ensure business continuity. The company has not been able to provide a definite timeframe to restore the systems and its services. Kronos claimed, “Any of these solutions deployed in on-premise (self-hosted) environments are not affected, and we are not experiencing impact to UKG Pro, UKG Dimensions, or UKG Ready.”
Unanswered Questions
The incident was reported on December 11, 2021, and we have no information on the adversary, techniques, or ransom demand. The company has only disclosed the nature of the breach and attributed it to a ransomware attack. The extent of the damage caused to the customers is immeasurable, as these are basic applications used daily by the entire workforce of an organization.
Shmulik Yehezkel, Chief Critical Cyber Operations Officer at CYE, said, “Today, the industry classifies attacks into categories: CNE, for Computer Network Exploitation or espionage; CNI, for Computer Network Influence, and CNA for Computer Network Attack; this upcoming year, we are going to see more and more state-level actors carrying out what we call CN-ALL attacks. In this type of attack, state-level actors will combine all the cyber warfare elements–espionage, influence, and disabling systems. These attacks will be particularly challenging because they require response simultaneously on several fronts. CISOs need to be prepared to deal with the technical aspects of recovering data and accessing backup systems, while also dealing with law-enforcement and legal teams, addressing the media, and, when needed, informing regulatory officials.”
Newer techniques and trends are already paving the way for 2022, and cybersecurity incidents are only becoming more mainstream. There was a time when cybersecurity was all about hacking and viruses, but now it is about protecting against and preventing security breaches and state-sponsored attacks.