Хакери зламали компанію Clorox одним дзвінком в техпідтримку / Depositphotos
Hacking may seem like a complicated business, but not when you’re targeting people who are too trusting. For example, in 2023, the American household chemicals manufacturer Clorox was hacked with a single call thanks to a tech support worker who was not afraid to share his password with an anonymous person.
Now Clorox has filed a lawsuit against Cognizant, whose employees have been providing outsourced technical support to the manufacturer since 2013, and in August 2023, they provoked a «critical» information leak. It didn’t take much effort for the hackers to break in at the time — one simply called tech support, introduced himself as a Clorox employee, and asked to reset his password because he couldn’t log in. He was immediately granted access, without being asked to verify his identity.
«Cognizant was not fooled by any sophisticated tricks or sophisticated hacking methods», the lawsuit says. «The cybercriminal simply called and asked for credentials to access the Clorox network, which were immediately provided, without any authentication questions».
The document provides a transcript of the recorded dialog with the cybercriminal:
Hacker: I don’t have a password, so I can’t connect.
Technical Support: Okay, so can I tell you the password?.
Hacker: Yes, what’s the password?
Technical support: Wait a minute. So, it starts with the words..
After the hacker got the password, he asked to disable MFA (multi-factor authentication) on Okta and Microsoft corporate accounts.
Hacker: My Microsoft multi-factor authentication isn’t working. Can you turn it off? It’s on my old phone… [unintelligible].
Technical support: Thank you for holding, Alex. Multifactor authentication is disabled. Please check to see if you can sign in.
Hacker: Good. I can log in now. Thank you.
The next day, the cybercriminal repeated all these actions, introducing himself as a Clorox information security officer — the trick worked for another technical support representative.
Technical support: How can I help you today?
Hacker: My Okta password didn’t work…
Technical Support: I will reset your password from my end immediately. Okay. And we’ll see how that works. Okay. [After a short wait] Thank you… Thank you for your patience. So… the password is Clorox@123.
In the end, the cybercriminals planted malware and copied corporate data, which led to a halt in the production process and logistics disruptions. According to Clorox, the intrusion cost them $380 million — the money the company is trying to recover from Cognizant. The latter does not recognize its guilt, judging by the public comment of its representative:
«It is shocking that a corporation like Clorox had such a poor internal cybersecurity system to counter this attack. They are trying to blame us for these failures, but in reality, Cognizant was hired for a narrow range of support services, which the company reasonably performed. Cognizant was not responsible for the cybersecurity of Clorox».
Source: Arstechnica
Контент сайту призначений для осіб віком від 21 року. Переглядаючи матеріали, ви підтверджуєте свою відповідність віковим обмеженням.
Cуб'єкт у сфері онлайн-медіа; ідентифікатор медіа - R40-06029.