Last week, cleaning products giant Clorox took the unusual step of suing its IT services partner Cognizant for gross negligence.
Clorox are alleging that the August 2023 ransomware attack they suffered came about thanks to an incredibly simple piece of human error. According to the complaint, hackers tied to the “Scattered Spider” group simply phoned Cognizant’s service desk and requested a password reset – and were given one. You can see my coverage on this here.
Today, Specops Software published an analysis on how a simple service desk attack cost Clorox $400 million, which is up from the $49 million that I first reported.
This analysis not only goes into how exactly the service desk social engineering played out, but also how the ransomware was deployed, and what organizations can do to protect their service desks.
The full details can be found here: https://specopssoft.com/blog/clorox-password-social-engineering/
This entry was posted on July 28, 2025 at 2:11 pm and is filed under Commentary with tags Hacked.