As Log4Shell wreaks havoc, payroll service reports ransomware attack



One of the biggest human resources solutions providers is reporting that its systems have been taken offline by a ransomware attack, an outage that could last for several weeks. The company isn't saying whether the Log4Shell vulnerability was used to hack the systems.

The company said on Sunday that services using the Kronos Private Cloud had been unavailable for the past day.

It is likely that the issue will take at least several days to resolve, according to a representative from Kronos. "We recommend that our customers evaluate alternative plans to process time and attendance data for payroll processing, to manage schedules, and to manage other related operations important to their organization," the representative wrote.

The cause of the outage was reported ten hours after the advisory was published, and it may take up to several weeks to restore system availability.

The representative wrote that they were taking all appropriate actions to fix the situation. "We will provide another update within the next 24 hours," the representative added.

The method the attackers used to breach the Kronos infrastructure was not mentioned in the advisories. There is a banner notice at the top of each post, which reads:

"We are aware of the vulnerability. We have preventative controls in place to detect and prevent exploitation attempts. Emergency patching processes have been used to identify and upgrade impacted versions of log4j. We are monitoring our software supply chain for any advisories of 3rd party software that may be impacted by the log4j vulnerability."

Representatives of the company declined to say whether a Log4Shell exploit was the cause of the initial compromise. It wouldn't be a stretch for that to be the case. The vulnerability, which allows hackers to execute malicious code with elevated system privileges, is trivial to exploit. Attacks can come from users who visit a page with a browser that includes commands in its user agent string.

The company said it had retained experts and notified authorities. Customers' on-premises services aren't affected.

The post will be updated with new information.