News Hub

Clorox cyberattack: How will it clean up the mess?

Written by Fri 13 Oct 2023

In August, Clorox Company identified a cyberattack that damaged portions of its IT infrastructure, causing ‘widescale disruption’ across Clorox’s operations.

Clorox said it believed the hack was contained in a report filed to the United States Securities and Exchange Commission (SEC) in September. However, the attack resulted in slower production rates and ‘an elevated level of consumer product availability issues’.

But what who was responsible for the attack and what lasting effects will it have on the company?

Clorox Cleans up Cyberattack

In a regulatory filing, Clorox said it took immediate steps to stop and remediate the activity, including taking certain systems offline. Clorox then implemented its business continuity plans and began manual ordering and processing procedures at a reduced rate of operations.

After Clorox said it believed the cyberattack was contained, it began repairing the infrastructure and reintegrated the systems that were proactively taken offline. The company expected to begin the process of transitioning back to normal automated order processing by the week of 25 September.

“Clorox has already resumed production at the vast majority of its manufacturing sites and expects the ramp up to full production to occur over time,” said the company.

In the filing, Clorox said it cannot estimate how long it will take to resume fully normalised operations.

Who is Responsible for the Cyberattack?

Bloomberg reported officials suspect the hacking group Scattered Spider was responsible for the August attack, citing people familiar with the situation. Scattered Spider was also tied to a recent attack on MGM Resorts and Caesar’s Entertainment.

The group typically conducts targeted social engineering campaigns. These tactics use psychological manipulation to dupe users into making security mistakes or giving away sensitive information. However, it is not known if social engineering or ransomware were deployed to enact the cyberattack on Clorox.

“Clorox’s attack has all the hallmarks of a ransomware attack. This is all part of an ever-growing threat on social engineering combined with ever more evasive and adaptive attack techniques and tactics,” said Mark Guntrip, Senior Director of cybersecurity strategy for Menlo Security, to Smart Industry.

Allie Mellen, Principal Analyst of Security and Risk at Forrester, told Yahoo finance that all organisations are potential targets for cyberattacks. However, hackers favour those that impact business continuity.

“It is not surprising that these are the types of targets that they would choose in particular because many of the organisations that they’re choosing to target rely on continuous uptime. That is especially true for organisations like casinos and consumer goods, so ultimately those are going to be huge targets because they are the ones who are really going to feel the pain from these types of attacks,” said Mellen.

What are the Effects of the Cyberattack?

Clorox said it was struggling to meet consumer demand for its products after dealing with the aftermath of the August cyberattack.

At the time of the September SEC filing, Clorox said it was ‘still evaluating the extent of the financial and business impact’.

However, after reevaluating, the company now expects to report a financial loss in Q1 2024. Clorox said organic sales during the quarter are forecast to fall between 21% and 26% year-over-year. This is in contrast to the company’s previous estimates of mid single-digit growth.

Clorox now expects to experience ongoing, yet lessening, operational impacts in Q2 2024 as a result of the progress made in returning to normalised operations.

New SEC Rules for Companies

Clorox’s report of the cyberattack is in compliance with new SEC rules that mandate disclosure of material cybersecurity incidents within four days. Companies are also required to report the impact of the incident on their financial condition and its operations.

“If it weren’t for the new SEC rules, it is likely that this attack would not be making headlines right now. The incident was originally disclosed in August, but Clorox is just now disclosing that it will have material impact because of the new rules that went into effect on 5 September,” said Chaz Lever, Senior Director of Security Research at Devo.

Lever added Clorox is one of the first companies required to report on these incidents as a result of the new SEC rules, which could explain the media attention garnered.

Hungry for more tech news?

Sign up for your weekly tech briefings!

Written by Fri 13 Oct 2023

Send us a correction Send us a news tip