Clorox Security Breach Linked to Group Behind Casino Hacks (bloomberg.com) 23
A notorious group of hackers blamed for recent breaches on major casino companies is also suspected of being behind a recent cyberattack against Clorox that has led to a nationwide shortage of its cleaning products. Bloomberg News: Officials suspect that "Scattered Spider" is responsible for a breach that Clorox first disclosed in August, according to four people familiar with the situation, who asked not to be identified because the information isn't public. The same group, known for its so-called social engineering tactics, was tied to attacks on Caesars Entertainment and MGM Resorts International in recent weeks, Bloomberg News previously reported.
Scattered Spider hackers specialize in targeting call centers and IT help desks, impersonating employees to trick support staff into coughing up information to gain access to accounts. The fallout from their recent attacks has been profound. At MGM properties, guests couldn't charge purchases to their rooms, slot machines were shut down and reservation websites weren't working. The impact on Clorox was arguably much worse. The company didn't immediately respond to requests for comment. On Friday, Clorox indicated that it was still working to recover from the disruption. "We are ramping up production and working to restock trade inventories," the company said in a statement. "We are focusing on maximizing shipments and restocking trade inventories."
Scattered Spider hackers specialize in targeting call centers and IT help desks, impersonating employees to trick support staff into coughing up information to gain access to accounts. The fallout from their recent attacks has been profound. At MGM properties, guests couldn't charge purchases to their rooms, slot machines were shut down and reservation websites weren't working. The impact on Clorox was arguably much worse. The company didn't immediately respond to requests for comment. On Friday, Clorox indicated that it was still working to recover from the disruption. "We are ramping up production and working to restock trade inventories," the company said in a statement. "We are focusing on maximizing shipments and restocking trade inventories."
Maybe (Score:5, Insightful)
Maybe, just maybe, we consider going old school and get these systems disconnected from the Internet until a solution is found. I know, sounds crazy, but this shit is only going to get worse. Sneaker-net the information from these air-gapped systems when necessary. The benefits of having your data systems on the Internet have been completely voided at this point. It's only a matter of time before your company is the next victim.
Re: (Score:2)
Re: (Score:2)
[Scattered Spider] known for its so-called social engineering tactics
The success is in fooling people to do something. So even if it were air-gapped, they'd fool someone to travel to said air-gapped system and do the thing.
MOD THIS STORY DOWN (Score:3)
Who puts up paywall stories? Who upvotes them?
Re: (Score:2)
Seriously, this is the only way. Now people really will have to come back into the office.
virus (Score:5, Funny)
Re: (Score:2)
Best wipe the affected systems with
https://www.bleachbit.org/ [bleachbit.org]
and restore from backup.
Re: (Score:2)
Re: (Score:2)
Better use some screen wipes
Roxy the Clorbot (Score:2)
...Clorox indicated that it was still working to recover from the disruption. "We are ramping up production and working to restock trade inventories," the company said in a statement. "We are focusing on maximizing shipments and restocking trade inventories."
Hmm...I don't think we've gotten quite enough clarity on trade inventories, so whom should we ask? The PR bot who wrote this, or the PR bot who wrote this...
A mess Clorox couldn't clean (Score:2)
There's no way to sanitize this, the breach left a stain that Clorox couldn't wipe out.
Buy the Dip! (Score:2)
I didn't even realize that Clorox was an independent company, let alone publicly traded. I always assumed it was just a brand of Johnson & Johnson or something. Amusingly its value skyrocketed in 2020 while most others tanked.
Re: (Score:2)
Same here. All of those people wiping down surfaces during the covid pandemic were buying clorox products. lol
We need a National Chlorine Reserve now! (Score:2)
Unworkable situation (Score:3)
We have an environment with millions of businesses and organizations, all with wildly varying levels of security know how, security concern, systems, etc. All you need are a few very skilled and determined criminal groups to prey on them to tear it up. It is like a big wolf let loose in a pen of lambs. There is no way to keep millions of independently managed systems secure from that sort of threat. Even worse is they are frequently interconnected so you only have to find the weakest point in the system (like a subcontractor allowed access to your network) to undo the security on the rest. At this point I have to wonder if looking at your most valuable assets and physically disconnecting them from the outside is the only truly secure option. Don't keep anything truly valuable on the outward facing systems. Unfortunately you still need to keep sensitive customer information on e-commerce sites to allow for purchasing.
More like (Score:2)
Seculity Bleach?
JUST IN TIME! (Score:1)