
Hackers gained unauthorized access to IT credentials provided by Cognizant, leading to a costly $380 million ransomware attack; Clorox Corporation alleges negligence in the lawsuit filed against the IT provider.

Cognizant accused of negligently providing hackers with Clorox's login credentials, allegedly leading to a costly $380 million ransomware attack


In August 2023, Clorox suffered a significant data breach, with hackers linked to the Scattered Spider group infiltrating the company's network following a social engineering attack on Cognizant, Clorox's IT provider. The attackers impersonated Clorox employees and requested password resets and MFA resets, which were approved by Cognizant's service desk agents without proper identity verification.

The breach resulted in approximately $380 million worth of damage and disruption for Clorox. The attackers gained multiple credentials, including one with IT-security privileges, which they used to deploy ransomware, crippling manufacturing and distribution systems and causing months of disruption.

Clorox has filed a lawsuit against Cognizant, alleging gross negligence in safeguarding its IT systems. The key allegations against Cognizant's Service Desk include failure to follow Clorox’s password-reset protocols, handing over critical network access "keys" to attackers without any authentication, delayed account containment, and failure to promptly shut down compromised accounts.

The lawsuit provides evidence that, in certain instances, Cognizant staff provided passwords without verifying the identity of the caller. The breach was made possible because Cognizant service desk agents allowed password resets without proper verification, enabling the attackers to gain domain-admin level privileges and move laterally across the network.

The case serves as a reminder that even basic social engineering attacks can result in significant damage. It underscores the importance of strict adherence to identity verification protocols in IT companies. Despite Cognizant's policies that include an internal verification and self-reset password tool, as well as checking the identity of the user by asking for their manager's name and their username, the service desk agents allegedly bypassed these protocols.

This incident highlights the vulnerability of even robust cybersecurity systems at their weakest points. It suggests that cybersecurity measures, no matter how sophisticated, can be compromised by human error and trust issues. The lawsuit asserts that Cognizant was not deceived by any advanced hacking techniques, but rather by a simple request for credentials.

The case is a cautionary tale about the importance of vigilance and adherence to security protocols in the face of potential threats. It underscores the need for IT providers to prioritize security and follow established protocols to prevent such incidents.


  1. The Clorox lawsuit against Cognizant highlights the importance of adherence to identity verification protocols even where internal cybersecurity measures are in place, as a simple request for credentials enabled the Scattered Spider group to carry out a ransomware attack.
  2. The technology sector must prioritize vigilance and strict adherence to security protocols, as demonstrated by the $380 million worth of damage and disruption suffered by Clorox, a result of basic social engineering techniques exploiting weak points in even robust cybersecurity systems.
