Kronos Attack Emphasizes Importance of Third-Party Monitoring
If anything, the ransomware attack on Kronos drives home the fact that cybersecurity impacts everyone. One critical takeaway from the event is that companies and public sector organizations need to take a holistic approach to cybersecurity.
Monitoring only what is occurring within an organization’s own network is no longer enough to prevent an attack. HR and other “non-IT” departments such as marketing and finance typically run increasingly complex tech stacks made up of multiple solutions from a variety of vendors. These departments need to work closely with their organization’s information security teams to go beyond point-in-time third-party risk assessments and instead continuously monitor their vendors and supply chain partners. Cybersecurity teams that partner with internal departments to assess vendors can improve the organization’s overall ‘cyber health’.
An ounce of prevention…
The Kronos attack shows once again how dependent companies are on systems and solutions that sit outside of their control. LookingGlass was able to identify botnet activity across several of Kronos’ major subdomains. This activity included bots that could be used to circumvent multi-factor authentication methods. Additionally, the dark web had several compromised credentials tied to Kronos accounts for sale, providing further avenues of access to threat actors. Many organizations are now scrambling to put into place back-up processes for critical functions such as payroll and timesheet tracking.
When companies are affected by these sorts of attacks on their systems, at best, they are distracted from their organization’s primary mission; at worst, they are unable to continue operating. Employee performance is affected because they are unable to do something as simple as log in at the start of their day to track hours or gain access to other key tools they use to complete their daily work.
These issues can trickle down further and have a negative effect on other areas such as employee retention and customer satisfaction. Attacks can also put organizations out of compliance with regulations such as wage and hour laws, putting them at risk for fines and penalties.
A pound of cure…
Monitoring third-party vendors on a continual, consistent basis may be challenging, but it can be done effectively. Many organizations are utilizing solutions that digitally footprint third-party vendors to provide critical data and deliver actionable information about malicious activity or potential vulnerabilities that could be exploited. Working with suppliers and vendors to prevent such an attack is worthwhile, especially when compared to the time and money involved in responding to and containing one.
LookingGlass solutions provide organizations with an adversary’s view of their third-party vendors. Users gain insights into exposures and vulnerabilities associated with vendors that threat actors can also see on the public facing internet — this is the ‘adversary’s view’. When looking through a threat actor’s lens, it is easier to identify which vendors and supply chain partners are missing key security protections or even lacking in basic cyber fundamentals. And if LookingGlass can pinpoint these vulnerable areas, threat actors are certainly capable of discovering them as well.
These exposures and weaknesses increase cyber risk, as they are frequently used by threat actors to gain access to enterprise systems. Knowing the attack surfaces of your supply chain (your “extended attack surface”) empowers your organization to approach a vendor with data and point out that it needs to investigate and correct a vulnerability, rather than being unaware of it and having to act after an attack occurs. This sharing of information can reinforce positive vendor relationships and is essential to reducing the probability of vendor breaches that will affect your organization.
Be proactive, not reactive
As attackers advance their techniques, new threats will continue to arise. Companies can be better prepared to face these challenges by working to ensure that all departments develop effective communications with IT and collaborative relationships across their full ecosystem of partners and suppliers. By creating a culture of cybersecurity internally and beyond to its ‘extended enterprise’ of vendors, organizations can lower risk and mitigate how impactful and far-reaching these attacks can be.
Stay tuned…LookingGlass will release a State of Ransomware report in early 2022. Ransomware and cybercrime innovations will drive an increase in the rate of attacks in the year ahead.