Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Clorox. Show all posts
Social Engineering
Clorox Cognizant Data Breach Lawsuit Social Engineering

Clorox Blames $380M Breach on Service Desk Social Engineering, Sues Cognizant

 

In August 2023, the Scattered Spider group orchestrated a devastating social engineering attack against Clorox that resulted in approximately $380 million in damages, demonstrating how a simple phone call can lead to catastrophic business disruption . 

Modus operandi 

The attackers bypassed sophisticated cybersecurity measures through old-fashioned social engineering, repeatedly calling Cognizant's service desk and impersonating locked-out Clorox employees . Rather than exploiting technical vulnerabilities, they manipulated human psychology, using calm, scripted conversations to convince frontline agents to reset passwords and multi-factor authentication without proper verification . 

According to court filings, the attackers conducted thorough reconnaissance, collecting employee names, titles, recent hires, and internal ticket references to make their impersonation attempts more convincing . The legal complaint alleges that Cognizant agents violated agreed procedures by resetting credentials without properly authenticating callers first . 

Devastating impact 

The breach caused operational paralysis at Clorox, with production systems taken offline, manufacturing paused, and manual order processing implemented . The company experienced significant shipment delays that depressed sales volumes, with the total financial impact reaching roughly $380 million, including $49 million in direct remedial costs and hundreds of millions in business-interruption losses . 

Why outsourcing amplified risk

Outsourced help desks present unique vulnerabilities due to their broad cross-tenant privileges and high-volume workflows that can lead to shortcuts in verification processes . Large vendors handling numerous calls may experience "process drift," where agents prioritize getting users working over strict security verification . Additionally, third-party systems often create visibility gaps, with actions logged in separate systems that aren't fully integrated into customers' security monitoring . 

Defense recommendations 

Security experts recommend treating help-desk resets as privileged operations requiring out-of-band verification through company-owned phone callbacks or emailed tokens . High-risk resets should mandate two-person approval and automatic manager notifications . 

Organizations should implement automated telemetry to log every reset with immutable audit trails and alert on suspicious patterns like multiple resets from the same external number . Contract language with vendors must require technical controls, auditability, and regular social-engineering simulations to measure and improve verification processes .
Read more »
UnitedHealth
Clorox Cyber Security Data Compromise Prudential Financial cyberattack Risk Management SEC UnitedHealth

SEC Tightens Cybersecurity Regulations for Public Companies

 



In 2023, the Securities and Exchange Commission (SEC) significantly tightened its cybersecurity regulations for publicly traded companies. This move, aimed at enhancing investor protection and ensuring market transparency, responds to the increasing prevalence of cyber threats and their potential to disrupt business operations and financial stability.

New Rules for Incident Disclosure

The SEC's updated regulations require companies to disclose cybersecurity incidents within four days of determining their material impact. Companies must swiftly evaluate the scope and severity of any cyberattack, including the nature and amount of data compromised and the potential business, legal, or regulatory impacts. The goal is to provide timely and accurate information about incidents that could affect a company's financial health or market performance.

Case Studies: Clorox, Prudential Financial, and UnitedHealth

Recent cyber incidents involving Clorox, Prudential Financial, and UnitedHealth offer insights into how companies handle these new requirements.

Clorox: In August 2023, Clorox faced a major cyberattack that disrupted its automated order processing system, leading to significant delays and product shortages. This disruption is expected to cost the company between $57 million and $65 million in fiscal year 2024, largely for IT recovery and professional services. Additionally, Clorox’s Chief Information Security Officer (CISO) left the company following the attack, which revealed long-standing security issues that had previously been flagged in audits.

Prudential Financial: In February 2024, Prudential Financial reported a cyber breach involving unauthorised access to its infrastructure, affecting administrative and user data. The breach, linked to the ALPHV ransomware group, compromised the personal information of 36,545 individuals. Prudential took a proactive approach by disclosing the incident to the SEC before determining its material impact, indicating a possible new trend toward early transparency.

UnitedHealth: UnitedHealth’s subsidiary, Change Healthcare, experienced a significant cyberattack that compromised millions of patient records and disrupted prescription and claims processing. Initially attributing the attack to a nation-state, UnitedHealth focused on restoring operations without immediately assessing its materiality. The incident has led to substantial financial repercussions, including at least 24 lawsuits and potential costs up to $1.6 billion. Following the disclosure, UnitedHealth’s stock price dropped by nearly 15%.

Key Takeaways for Risk Management

These examples highlight several important lessons for companies under the new SEC regulations:

1. Visibility and Accountability: Companies must continuously oversee their digital assets and promptly address security vulnerabilities. Ignorance is no longer a viable defence, and businesses must be able to explain the details of any breaches.

2. Transparency and Proactive Measures: Transparency is crucial. Companies should adopt conservative and proactive cybersecurity policies and be prepared to update disclosures with more detailed information as it becomes available.

3. Information Sharing: Sharing information about cyber breaches and effective security strategies benefits all sectors. This collaborative approach enhances overall security practices and accelerates the adoption of best practices across the industry.

The SEC’s new cybersecurity regulations shift towards more stringent oversight, pushing the growing need for robust cybersecurity measures to protect market stability and investor interests. As companies adjust to these requirements, the experiences of Clorox, Prudential Financial, and UnitedHealth provide valuable lessons in effective risk management and transparency.


Read more »
Cybersecurity
Clorox Cyber Attacks CyberCrime Cyberhackers Cybersecurity

When Hackers Strike: The Inside Story of Clorox's Lengthy Disappearance

 


A recent cyber attack that disrupted the production process at Clorox, including bleach and other products from the brand, may make it difficult for those looking to stock up on the brand's bleach or other products in the upcoming months.

In the last two months, Clorox, the company responsible for the creation of many items such as these and many others, has had to pick up the pieces after suffering a devastating cyber attack. In late September, the company revealed that it had been experiencing automated ordering difficulties for weeks, including the inability to process orders from stores such as Walmart and Target for its vendors. 

There were outages and shortages caused by this, all of which slowed down sales. The cybersecurity researcher Allan Liska at Recorded Future speculated as to what damage Clorox suffered as a result of the cyberattack on its manufacturing operations: "When [Clorox] couldn't take in orders, even though the production lines themselves could run, they could not tell [Clorox] what products they needed or where they should send them." 

Clorox disclosed in a filing to the Securities and Exchange Commission on Monday that the cybersecurity violation came to light as a result of unauthorized activity that was detected on several IT systems on Aug. 14.

It was revealed in a statement on August 14 that Clorox-which is not only a leading bleach manufacturer but also a company that produces Glad trash bags and Burt's Bees skin care products discovered in its computer systems some "unauthorized activity." 

There was another disclosure by the company more than a month later, on September 18, indicating that the attack had caused many of its automated systems to be unavailable -- including those that were used to place orders at large retailers using self-service portals. 

There has been a slowdown in Clorox's operations as a result of placing orders manually through big box retailers such as Walmart and Target, which has resulted in fewer products reaching store shelves because Clorox has had to process those orders manually. 

During the first quarter of last year, Clorox had revenue of $1.74 billion, and it was in early August that the company announced a cyberattack. At the time, the company said it was expecting to grow sales by mid-single digits in the first quarter. 

In a similar scenario, if the company had grown sales by 5% from last year's totals, that would have generated a revenue of $0.83 billion. Instead, the company predicted last week that sales would fall by 23% to 28% compared to last year. 

Taking that into account, Clorox's revenue could drop by between $1.25 billion and $1.34 billion instead of what it anticipated before the breach was discovered. This would constitute a drop of at least $500 million compared to what Clorox had anticipated before the discovery was made. 

Several hours after the move, officials at Clorox expect to return to the automated order processing system next week, and they expect to increase production rates over time. There are a number of household cleaning products, foods and other goods that this Oakland, Calif., company manufactures, including Pine-Sol bleach, Fresh Step cat litter and Clorox bleach. 

According to the original filing of the company, the company notified law enforcement of the incident and hired third-party experts to investigate the matter and provide assistance in the recovery process. It was stated at the time that Clorox would try and maintain production by implementing workaround strategies. However, Clorox warned of potential disruptions at the time.  

The company switched to manual ordering processing immediately after discovering the unauthorized activity on its network, which, according to Clorox, slowed down the company's ability to produce the goods. As of right now, most of Clorox's production facilities have resumed production, as the company is in the process of repairing those systems.  

There have been significant improvements to the ‘vast majority’ of Clorox’s manufacturing sites, and the company’s production is projected to ramp up soon to full capacity. It is not possible for the company to tell when normal operations can resume. 

The wipes produced by Clorox were in high demand during the peak of the COVID-19 epidemic, when cleaning products flew off the shelves. While the company ramped up production in August 2020 to meet the demand, there were still shortages into 2021 as a result of the shortages.
Read more »
unauthorized activities
Cleaning product company Clorox Clorox cyberattack Cyber Attacks unauthorized activities

Clorox Cyberattack: Operations of the Cleaning-product Company Disrupted


This Monday, in a regulatory filing, cleaning-product firm Clorox (CLX) confirmed that it was hit by a cyberattack in August. The attack apparently resulted in disruption of the company’s operations, such as the production of their cleaning products.

The company noted that because of the cyberattack, the products are now facing a shortage in their supply. This is consequently making it difficult for the company in keeping up with consumer demand.

Clorox has not yet confirmed as of what products are impacted in the disruption. 

In the aforementioned filing, the company stated that they have detected a suspicious ‘unauthorized’ activity in some of its information technology systems. They further stated that following the revelation, Clorox swiftly took actions in order to stop the attack, such as minimizing their operations for the time being. However, the company now believes that the attack is still on. 

The business said that it manually fills and processes orders. The process of restoring to regular business operations won't start, according to the corporation, until next week.

In a statement published by Clorox, the company says, "Clorox has already resumed production at the vast majority of its manufacturing sites and expects the ramp up to full production to occur over time.”

“At this time, the company cannot estimate how long it will take to resume fully normalized operations," it added. 

Adding to this, the company notes that due to the cyber activity and delay in its operation, they may compromise their current-quarter financial amount materially. However, Clorox also notes that any longer term impact would in fact be premature, “given the ongoing recovery.”

In its early trading, Clorox shares had already fallen about 2%. The American global manufacturer and marketers are popular for their professional products and household staples such as bleach, detergents and cleaners. 

A similar case of cyberattack was recently observed, in which operation of popular resort and casino giant MGM Resorts were disrupted. The cyberattack disrupted a significant portion of its operations, preventing customers from making room charges or using their digital keys to enter their rooms.  

Read more »
Subscribe to: Posts (Atom)