Cyberattack on Clorox plant is over, normal manufacturing operations resume
In a significant blow to the consumer goods industry, Clorox, a leading manufacturer of cleaning and hygiene products, was hit by a major cyberattack in August 2023. The attack, which was initiated through a social-engineering assault on Clorox's IT service desk, managed by Cognizant, caused widespread disruption to the company's production capabilities.
The Attack's Origins and Impact
The attackers, believed to be from the hacking group Scattered Spider, impersonated locked-out employees and tricked service desk agents into resetting passwords and multifactor authentication without proper identity verification. This allowed them to gain legitimate credentials, including those of an IT-security employee, which they used to escalate privileges to domain administrator level and access Clorox’s core network environment.
Using these elevated privileges, the attackers disabled critical security controls and deployed ransomware, encrypting key servers and severing connections between manufacturing, distribution, and IT systems. This led to significant operational disruptions, halting production lines and order fulfillment for months.
The Aftermath and Recovery
Clorox detected the breach within approximately three hours but experienced delays in containing it and in shutting down compromised accounts, which exacerbated the damage. The company has since resumed its manufacturing operations and automated order processing, but the attack has caused financial losses estimated at around $380 million, including $49 million in direct remediation costs and lost revenue from halted operations.
Clorox brought in third-party cybersecurity experts to help respond to the attack and restore normal operations. The company has also sued Cognizant for negligence in giving attackers credentials without proper verification, leading to prolonged recovery efforts.
The Future Outlook
Clorox is focusing on maximizing shipments and restocking trade inventories to meet the high demand for its products due to the COVID-19 pandemic. However, the return of students to school and rising infections may test current demand. It is also expected that the cyberattack could impact Clorox's quarterly earnings.
Rival firms may have filled some of the void left by Clorox's product shortages, potentially gaining consumer market share. Nevertheless, the brand's resilience and swift response to the crisis are likely to help it recover in the long term.
This attack underscores the risk of social engineering against IT help desks and the critical importance of strict identity verification and alerting procedures for password resets. Clorox notified law enforcement immediately after the attack and has stated that if any sensitive data was accessed, it would notify individuals as appropriate.
- The cyberattack on Clorox in August 2023, originating from the Scattered Spider hacking group, resulted in the deployment of ransomware, causing significant disruptions in manufacturing, distribution, and IT systems.
- Clorox suffered financial losses of approximately $380 million due to the attack, including direct remediation costs and revenue lost from halted operations, with the damage made worse by delayed containment and compromised accounts.
- To aid in their response to the attack and recovery, Clorox has enlisted the help of third-party cybersecurity experts and has sued Cognizant for negligence related to the unauthorized distribution of credentials.
- The attack serves as a reminder of the importance of strict identity verification and alerting procedures for password resets to protect against social engineering attacks against IT help desks in the manufacturing, finance, and technology industries.
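
The alerting on help-desk resets recommended above could look like the following. This is an added example, not part of the original article; the event schema, account names, 30-minute window and severity levels are assumptions. It flags any account that receives both a password reset and an MFA reset within the window, and raises severity when no identity verification was recorded or the account is privileged.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)        # assumed correlation window
PRIVILEGED = {"it-sec-analyst"}       # assumed list of privileged accounts
SEVERITY = ["medium", "high", "critical"]

# Constructed help-desk audit events (hypothetical schema and account names).
EVENTS = [
    {"ts": "2024-01-15T09:02:00", "action": "password_reset", "target": "j.doe", "ticket_verified": True},
    {"ts": "2024-01-15T10:10:00", "action": "password_reset", "target": "it-sec-analyst", "ticket_verified": False},
    {"ts": "2024-01-15T10:14:00", "action": "mfa_reset", "target": "it-sec-analyst", "ticket_verified": False},
    {"ts": "2024-01-15T11:00:00", "action": "password_reset", "target": "m.lee", "ticket_verified": True},
    {"ts": "2024-01-15T11:20:00", "action": "mfa_reset", "target": "m.lee", "ticket_verified": True},
    {"ts": "2024-01-15T13:00:00", "action": "mfa_reset", "target": "j.doe", "ticket_verified": True},
]

def find_reset_alerts(events, window=WINDOW, privileged=PRIVILEGED):
    """Alert when one account gets a password reset and an MFA reset within `window`."""
    by_target = {}
    for ev in events:
        by_target.setdefault(ev["target"], []).append(
            dict(ev, ts=datetime.fromisoformat(ev["ts"])))
    alerts = []
    for target, evs in sorted(by_target.items()):
        pw = [e for e in evs if e["action"] == "password_reset"]
        mfa = [e for e in evs if e["action"] == "mfa_reset"]
        # Both factors replaced close together is the pattern worth a second look.
        pairs = [(p, m) for p in pw for m in mfa if abs(m["ts"] - p["ts"]) <= window]
        if not pairs:
            continue
        reasons = []
        if any(not e["ticket_verified"] for pair in pairs for e in pair):
            reasons.append("no identity verification recorded")
        if target in privileged:
            reasons.append("privileged account")
        alerts.append({"target": target, "severity": SEVERITY[len(reasons)], "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in find_reset_alerts(EVENTS):
        print(alert)
```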