WEBVTT
X-TIMESTAMP-MAP=LOCAL:00:00:00.000,MPEGTS:0
00:00.009 –> 00:05.519
In 2024, IBM identified the manufacturing
sector as the industry most attacked by
00:05.519 –> 00:10.319
cybercriminals for the third straight year,
which is why we see even the biggest brands
00:10.319 –> 00:15.000
being impacted by the work of hackers.
Bleach maker Clorox is coming clean about the
00:15.000 –> 00:19.959
details surrounding a recent ransomware attack,
but the finger pointing extends past the gang
00:19.959 –> 00:23.510
of perpetrators and all the way to the
company’s IT provider,
00:23.719 –> 00:28.287
and Clorox believes that the IT firm’s
faults in this situation were so egregious that
00:28.287 –> 00:30.037
it has filed a lawsuit.
00:30.326 –> 00:35.117
The suit points to a 2023 incident in which
hackers from the group Scattered Spider
00:35.367 –> 00:37.806
targeted several firms.
According to Reuters,
00:37.926 –> 00:42.687
Scattered Spider is particularly adept at
tricking IT help desks into handing over
00:42.687 –> 00:45.876
credentials and then using that access to lock
them up for ransom,
00:46.126 –> 00:49.326
which is exactly what Clorox says happened in
its case.
00:49.606 –> 00:54.083
In fact, Clorox’s lawsuit
claims suggest it was almost easy.
00:54.293 –> 00:59.094
The company alleges that one of the group’s
hackers was able to repeatedly steal employees’
00:59.094 –> 01:02.923
passwords simply by calling the IT desk with
its service provider,
01:03.094 –> 01:08.094
Cognizant, and simply asking for credentials.
And while the hackers were posing as Clorox
01:08.094 –> 01:13.753
employees, Clorox alleges the service desk
didn’t ask for verification details of any kind.
01:14.013 –> 01:18.541
Reuters reviewed the lawsuit documents, which
included transcripts and other details showing
01:18.541 –> 01:20.011
just how basic the scheme was.
01:20.221 –> 01:25.710
According to the suit, Cognizant was not duped
by any elaborate ploy or sophisticated hacking
01:25.710 –> 01:29.051
techniques.
Cognizant handed the credentials right over.
01:29.221 –> 01:33.621
Clorox said that the hack resulted in $380
million in damages,
01:33.740 –> 01:38.380
a large chunk of which came from the company’s
inability to ship its goods in the immediate
01:38.380 –> 01:40.070
aftermath of the attack.
01:40.380 –> 01:42.100
I’m Anna Wells.
This is Manufacturing Now.