Time Lords
Hope they resolve it quickly. First encountered them when we had them in for a sync audit, and learned quite a lot about how to clock a network properly. Still my go-to consultants for network timing stuff.
Kronos Private Cloud has been hit by a ransomware attack. The company, also known as Ultimate Kronos Group (UKG), provides timekeeping services to companies employing millions of people across the world. Emails sent by Kronos to its corporate customers, seen by The Register, confirm the firm has pulled its private cloud …
Maybe it's not the same Kronos you remember, as these guys appear to be into people time management, like clock in, clock out & contact centre shift pattern type stuff.
I'm not so sure they do anything with network timing, not sure anyone does anything with network timing in this day and age.
Yup, my bad. Was thinking of Chronos (.uk). They're still going, and still very much clock rather than clock-watching focused. And still very relevant for networks. But now I'm also wondering if Kronos use Chronos for timing, and cloud-based time. NTP works ok most of the time, but not always.
You know, the Greek titan type that's prone to eating their own young.
"K" Khronos (the company, which is definitely not a titan) is one of those vile leviathan dinosaurs that persists despite pursuing a decades-long business strategy of maximizing pain for the end user. No surprise then to see them faceplant in the face of ransomware. While I pity the responders at the coal face, this is the byproduct of an entrenched culture that set the height of the bar at "just barely good enough run". I literally remember my dad complaining about them back in the paper punchcard days when it was probably running on an AS/400 mainframe. Those complaints continued until he retired decades later.
I'm sure there is some Khronos exec that smugly thought that "It's your responsibility to ensure continuity of business planning for our services" was a great way to justify cutting corners. If it were my outfit (thank god it's not) I'd be engaging the "switch to a new payroll provider" paragraph of that plan. Then again, if I had any sway over the payroll department, we wouldn't have been using either Khronos or our current provider. So my probably undeserved paycheck this month will arrive because of luck and the fact our back office aren't masochistic to inflict Khronos payroll on themselves.
If you are connected to the Internet then you are vulnerable ...
... and even more vulnerable if you think that you are safe and don't have to worry about a cyber-attack because you have done everything that would have stopped yesterday's attacks. Malware deliveries are updated far more often than system patches.
It's the potentially weeks-long recovery window.
If you claim to be a cloud company, you should be able to restore services in less than 48 hours, even if your entire company burned to the ground after repeatedly being struck by lightning.
Clearly, their backup systems either got hit, or weren't suitable for purpose.
Absolutely, this "activate your business continuity plan" from a cloud vendor is some high-grade BS. Kronos Cloud is supposed to be a business continuity plan. If you have to manage your own data yourself, back it up, have hardware on standby to run the workloads in-house, have an alternate system, what's the point in outsourcing?
Oh and Kronos time management sucks the big wind... truly awful.
You know, I really hate companies that use the term "We are reaching out to inform".
Enough with all the touchy feely, I wanna be your friend bull shit.
Does anybody get taken in by this?
What's wrong with "We are contacting you", "We are emailing you".
Stop reaching out to me, we know you are full of shit and in it for the money. Have some respect for yourself and us and stop trying to reach out and touch me up, perf.
To generalise: having been completely and utterly incompetent, and entirely unable and unwilling to even try to solve my obvious problem, they end with:
"Is there anything else I can help you with today?"
Anything 'else'?? ELSE?????????? So.... what... are you more concerned about other problems, (possibly as yet unknown) I may have, than this one, which I've just spent 10 minutes explaining? Are you saying my 1 problem isn't enough for you?
"Is there anything more I can help you with today?"
Anything 'more'?? MORE??????????
At which point, security is called.
That's the first thing that irritated me too. Bullshit business-speak always rattles my cage.
Then I came across the standard filler that really set me off - "We took immediate action to investigate and mitigate the issue.." Really? No excrement, Sherlock. As if stating the blindingly obvious will show how clever they are. God, I hate filler guff.
They might just as well have added "our staff took a long and fruitful dump, washed their hands with soap and water, ate a nutritious breakfast and had a shower before arriving at the office."
Nurse? Nurse? My laudanum, and be quick.
Perhaps, just perhaps this should start to wake people up to the fact that having everything "online", "Internet accessible" and in various bits of Cloud is not such a good idea. Whilst some of the ransomware is activated internally a significant number of these attacks appear to have been initiated through some sort of external vulnerability or failing.
Nobody will because people just don't believe it will happen to them.
These events will continue to happen until something so big is zapped we have a crisis that hits global stock markets or politics. Only then will people take note, it is just like all the posturing about climate change.
Nah, as long as there's money to be made from suckers, there's gonna be shysters out there trying to extract it from them. Since Microsoft can't stop fucking with their software for more than 27 seconds, the hackers are always going to have freshly-plowed ground in which to look for new vulnerabilities. Then add in the occasional security blip from FOSS that looks small but turns out to be massive, and it's a wonder we still keep our computers inter-networked together and don't just smash them all with hammers and go back to adding machines.
We used Kronos for employee timekeeping up until this past April when we moved to ADP. The big driver for us was that Kronos' time-clocks could talk directly to our AS/400. But we switched the backend and time-clocks over to ADP's "cloud" this past Spring, and my total involvement was putting two screws in the wall and plugging the clocks into the network jack. I wonder how vulnerable ADP is....
It's obviously the fault of omicron as there's going to be some more newspaper headlines tomorrow.
Boris will make a special announcement tonight stating that all computers must get vaccinated and wear masks....
Well, it's about as sensible and useful as any other fecking idea he's come up with.
According to this morning's Washington Post, the Kronos attack has affected Prince George's County, Maryland (the county bordering the District of Columbia on the east). The Post says that this affects timekeeping but not payroll, and that timekeeping for now is "manual", which I suppose could mean paper-and-pen or Excel.
Don't forget that when you utilise a cloud service like Kronos, you also often deploy ADFS or LDAP so when the cloud service is compromised, the infected systems have a direct route to your authentication services. There are certain protections that can be put in place but fundamentally, you're providing a direct link from Kronos to your AD user auth so don't forget to block all access to/from Kronos in your network until they have this resolved.