A recent SEC filing revealed that Clorox fell victim to a cyberattack, leading to decreased production levels and subsequent product shortages for their consumers. Although the company has not provided details concerning the attack, it is believed that what they suffered was a ransomware incident, given the offline systems and disruption of multiple operations. As of now, no group has come forward to claim responsibility. The company has issued a warning that the aftermath of the attack will negatively impact first quarter results for 2024, and the company’s stock has fallen 17% in the past 30 days.
Identify Indicators of Compromise (IoC)
On August 14, 2023, the company announced the detection of unauthorized activity on some of its Information Technology (IT) systems and took immediate measures to stop and remediate the activity, including the temporary shutdown of specific systems. In their latest Form 10K report, mandated annually for public companies by the U.S. Securities and Exchange Commission, the company acknowledged an increasing vulnerability to cyber-threats due to its growing dependence on technology. These threats encompass computer viruses, malicious codes, ransomware, unauthorized access, business email compromise (BEC), cyber extortion, denial of service attacks, phishing, social engineering, hacking, and various other cyberattacks aiming to exploit system vulnerabilities.
Actions Taken (If IOCs are identified)
Clorox is currently working with the FBI and has engaged external security experts to aid in their ongoing investigation. The Company continues to repair its infrastructure and is slowly bringing systems back online that were taken offline. With many of its automated systems offline, Clorox has implemented many workarounds for its offline operations to keep serving its customers. Leadership expects to transition back to normal automated order processing the week of Sept. 25 and from there, will strive to attain full scale production over time. At this time the company says it cannot provide a time horizon to achieve fully normalized operations.
Prevention (If IOCs are identified)
Manufacturing has evolved significantly recently as the industry has undergone a comprehensive digital transformation, integrating technology into production processes, supply chain management and logistics. This in turn has made them a popular target of cybercriminals. This increased reliance on technology has also created a larger attack surface. Manufacturing enterprises are comprised of many IoT sensors, legacy software, and a great deal of automation. The complexity introduced by these technological integrations poses significant cybersecurity challenges. Nevertheless, reinforcing security in manufacturing centers is essential as a 2022 study conducted by IBM showed that no industry is targeted by cyber attackers more than manufacturing.
Securing a manufacturing complex begins with conducting a comprehensive risk assessment to identify vulnerabilities that threat actors could exploit. A Risk assessment in the context of a manufacturing firm involves the process of identifying, evaluating, and prioritizing potential vulnerabilities and threats to the firm’s information systems, operational technologies, processes, and overall infrastructure. This exercise helps manufacturers determine where their defense mechanisms might be lacking and where they need to allocate resources to ensure maximum protection.
HALOCK Security Labs offers security risk assessments rooted in the Duty of Care Risk Analysis Standard (DoCRA). This approach ensures that organizations implement safeguards that effectively shield others from harm while maintaining a reasonable burden on themselves. You can refer here to learn more about our risk assessment methodology.