What is Kronos?
Ultimate Kronos Group (UKG), or simply “Kronos,” is one of the United States’ largest human resources companies. They provide services for some of the largest companies in the nation including Tesla, Puma and MGM. They also serve the public sector, counting the city of Cleveland, New York’s Metropolitan Transportation Authority (MTA) and hospitals across the country as clients.
How did the Kronos hack happen?
On Saturday, December 11th, Kronos administrators noticed suspicious activity taking place on the company’s network.
On Monday, December 13th, Kronos publicly reported that it had found itself on the receiving end of a major hack, specifying that it was a ransomware attack. The company explained that it had shut down a number of its services, warning their clients that it may take “several weeks” before normal operations are able to resume.
Affecting Kronos Private Cloud, which employers across the country depend on for shift tracking and scheduling, the shutdown is causing abrupt and continued disruption with regard to employee paychecks and time logging.
According to a statement made by a Kronos spokesperson to CNN Business, “UKG recently became aware of a ransomware incident that has disrupted the Kronos Private Cloud, which houses solutions used by a limited number of our customers. We took immediate action to investigate and mitigate the issue, have alerted our affected customers and informed the authorities, and are working with leading cybersecurity experts.”
While the announcement of the ransomware attack coincides with the discovery of the devastating Log4shell vulnerability, Kronos has thus far maintained that the flaw in Apache’s product was not leveraged to carry out the attack, although research is continuing.
Kronos had, however, warned clients to be vigilant with regard to Log4shell and reported that the company had applied the recommended patches and mitigation strategies as soon as they were made available.
Who is affected by the Kronos hack?
While there is never a good time for a human resources company to be unable to provide service, the timing of the Kronos hack has proven to be especially inconvenient given its proximity to the holidays.
The attack has resulted in Kronos recommending that clients strategize contingency plans in order to continue to track employee time and ensure employee payment. Some companies are resorting to physical checks and pen and paper time tracking to keep moving in the absence of proper human resources administration. Many businesses are floundering, warning their employees that there will be a delay in payment.
While businesses struggle to keep on track independently, workers are being left temporarily in the cold as holiday spending and bills add up with an end date to the chaos currently out of sight.
Headlines in every state highlight the effect that the hack of Kronos will be having on workers in all sectors all over the country, including hospitals and healthcare facilities as medical staff already remains overworked due to the recent escalation of COVID-19 cases.
What is Kronos doing about the hack?
In a statement, UKG executive vice president Bob Hughes said “we are working with leading cyber security experts to assess and resolve the situation, and have notified the authorities. The investigation remains ongoing, as we work to determine the nature and scope of the incident.”
The company has been providing updates on a daily basis via a website it has created specifically to address their progress in addressing the issue. Users are able to sign up for email updates regarding the hack.
At this point in time, Kronos has not publicly stated that it will pay the currently unknown ransom to the criminals in exchange for control of its services.
Could the Kronos hack have been prevented?
While Kronos’ actions after the fact imply that the company takes the incident very seriously, details regarding how the ransomware attack was initiated are still not publicly known. If Kronos is to fit the mold of most recent, high profile attacks, it will be unsurprising to learn that the hack was able to take place due to the company’s lack of proper cybersecurity hygiene and administration.
Regardless of the preventability of the attack itself and the company’s transparency when it comes to service restoration progress, Kronos’ scrambling after the fact speaks volumes about the importance of companies having a contingency plan to fall back on in the event of an IT incident.
Thus far, Kronos has seemed content to rely on the customers that depend on its services to develop their own strategies for continuing business operations. While organizations of all sizes should have “plan B” protocols in place, the lack of a safety net for a company of Kronos’ size is viewed by some as unacceptable and a further indication of a lack of preparedness when it comes to cybersecurity. The fact that Kronos administers payroll fulfillment also puts them in a uniquely critical position when it comes to both data protection and service reliability.
In order to maintain security and restore public confidence in organizations’ ability to weather a cyberattack, these incidents need to be viewed as preventable crimes and not treated as though they are forces of nature beyond administrative control.
Even if Kronos’ clients opt to discontinue their service with the company as a result of this event, switching to a competing human services administrator could potentially take months. At this point in time, most organizations find themselves left to deal with the fallout of Kronos’ shutdown independently.
How to avoid cybercrime
While Kronos and other giant corporations struggle with cybersecurity, it’s relatively easy to do your part to help keep your personal or business network safe from intruders:
- Practice good password hygiene. Use a password generator to create strong, randomized passwords for all of your accounts. Don’t use the same password across multiple accounts, and change them frequently.
- Train your staff (and yourself) on the ways in which to identify phishing scams and malicious links. The hack of Robinhood was possible after a support employee was fooled into provided a hacker with sensitive information over the phone.
- Keep up with cybersecurity news blogs and online cybersecurity resources. Cybersecurity is a moving target that requires vigilance.
- Keep your operating systems, software and apps updated. You can easily update your hardware as well by purchasing refurbished equipment from a reputable supplier.
- Kronos ransomware attack could impact employee paychecks and timesheets for weeks – CNN by Jennifer Korn, 17 Dec 2021, CNN Business
- UKG Hack Disrupts Scheduling and Payroll for Thousands of Employers by Roy Maurer, 15 Dec 2021, SHRM
- Kronos ransomware attack 2021: Outage may impact HR systems for weeks by Michelle Shen, 13 Dec 2021, USA Today
- Some Kronos Customers Face Payroll, Scheduling Disruptions From Hack – CFO by Matthew Heller, 15 Dec 2021, CFO
- UKG – Wikipedia
- hUKG Kronos Private Cloud Status Updates, 22 Dec 2021