Cognizant, the IT provider, is under fire for allegedly giving hackers access to confidential credentials, leading to a devastating $380 million ransomware attack on Clorox.
In August 2023, American multinational corporation Clorox suffered a significant setback as it fell victim to a ransomware attack. The breach, which resulted in around $380 million in losses, was allegedly due to negligence by Cognizant, the company responsible for managing Clorox's internal networks since 2013.
The attackers, linked to the Scattered Spider hacking group, got in by impersonating Clorox employees and tricking Cognizant's service desk into providing new access credentials and resetting multi-factor authentication (MFA) protections.
Evidence suggests that Cognizant staff did not confirm the identity of the caller in several instances and handed over passwords without verification. This low-effort social engineering win for the cybercriminals led to the ransomware attack that severely disrupted Clorox's production.
Clorox has since filed a case against Cognizant in California Superior Court, alleging gross negligence. The lawsuit asserts that Cognizant "handed over the keys" to the attackers, violating cybersecurity policies and standards. The company argues that Cognizant's service desk failed to verify the identity of the caller before providing access passwords.
Cognizant's policies include an internal verification and self-reset password tool to prevent unauthorized access. However, it appears that these protocols were bypassed in the August 2023 breach. The failure to follow security procedures and the absence of immediate alerting significantly prolonged the recovery time and compounded the damage.
This incident serves as a reminder that even basic social engineering attacks can pose significant risks to IT systems. It underscores the importance of strict adherence to cybersecurity protocols to prevent unauthorized access. The case highlights the vulnerability of even robust cybersecurity systems at their weakest points.
In a world where cyber threats are becoming increasingly sophisticated, it is essential for IT companies to implement measures against basic social engineering attacks. The potential consequences of trusting callers without proper verification, as demonstrated by the Clorox breach, can be severe.
- The ransomware attack on Clorox in August 2023, resulting in significant losses, underscores the need for IT companies to prioritize cybersecurity, particularly in the face of rising sophistication in cyber threats.
- The Clorox-Cognizant lawsuit highlights the importance of adhering to cybersecurity protocols to prevent social engineering attacks, even with advanced technology in place, as similar breaches can have severe consequences.