It's not clear what the incident was, and Clorox hasn't said, but signs point to ransomware.
Cyber incident disrupts Clorox.
Cleaning product company Clorox disclosed that it sustained a cyber incident that forced it to take certain systems offline, The Record reports. The company stated in an 8-K filing, “To the extent possible, and in line with its business continuity plans, Clorox has implemented workarounds for certain offline operations in order to continue servicing its customers.” The company is coordinating with law enforcement and has hired a cybersecurity firm to assist with the recovery.
While the company didn’t specify the nature of the incident, Infosecurity Magazine quotes Jordan Schroeder, managing CISO at Barrier Networks, as saying the incident response suggests that it may have been a ransomware attack.
Remote work and personal devices expand the attack surface.
Ted Miracco, CEO of Approov Mobile Security, offered the following observations:
“Clorox and many other companies are being adversely affected by a one-two punch of a shift to remote work and the concurrent reliance on personal mobile devices. This dynamic has dangerously expanded the attack surface for cyber threats, especially business email compromise, cyber extortion, phishing, and other social engineering attacks.
“Organizations must urgently prioritize protections for this new perimeter, and it is especially important to focus on remote workers who may be using personal devices that are not as secure as company-issued devices.”
Steve Hahn, Executive VP at BullWall, commented:
“As Clorox indicated in their company 10-K filings, cyber-attacks have escalated in the last few years due to their new ‘hybrid’ work-from-home model. Like many companies, this work model expands the attack surface and makes the job of securing the endpoints nearly impossible. Broadly speaking, we've seen a huge uptick as a result of increased efforts by threat actors who now have vastly more attack vectors to take advantage of.
“It doesn’t seem to matter how good a company’s preventative posture is; with a determined threat actor, it's a matter of ‘when’ not ‘if’ the attackers are successful. Because of this, companies need to adopt a post-breach mentality that looks to respond and recover in milliseconds by containing the attack, and not just focusing on prevention.”