Threat intelligence experts are sounding the alarm: U.S. insurance companies are now prime targets for cyberattacks, with hackers leveraging tactics reminiscent of the infamous Scattered Spider group.
This shift in focus follows a pattern observed with Scattered Spider, known for targeting specific sectors in succession. Previously, they wreaked havoc on UK retail before setting their sights on the U.S. market.
Google Warns of Escalating Threat
“Google Threat Intelligence Group is aware of multiple intrusions in the U.S. bearing all the hallmarks of Scattered Spider activity. We are now seeing incidents in the insurance industry,” stated John Hultquist, Chief Analyst at GTIG, in a communication with BleepingComputer.
Hultquist emphasized the urgency of the situation, advising the insurance industry to be on high alert, particularly concerning social engineering attempts targeting help desks and call centers.
Recent Cyber Incidents Rock the Insurance World
This month alone, two major insurance providers have publicly disclosed cyberattacks impacting their systems:
- Philadelphia Insurance Companies (PHLY): On June 9th, PHLY detected unauthorized network access and promptly disconnected affected systems to contain the breach. The company’s website still reflects the ongoing outage.
- Erie Insurance: Business disruptions began on June 7th, with the company later reporting “unusual network activity” as the cause in a filing with the U.S. Securities and Exchange Commission. Immediate protective measures were taken to safeguard systems and data.
Understanding Scattered Spider’s Modus Operandi
Scattered Spider, also known as 0ktapus, UNC3944, Scatter Swine, Starfraud, and Muddled Libra, is a sophisticated threat group notorious for employing advanced social engineering techniques to bypass robust security protocols.
For initial access they combine phishing, SIM-swapping, and MFA fatigue (also called MFA bombing, where a victim is flooded with push prompts until one is approved); once inside, they frequently deploy ransomware such as RansomHub, Qilin, and DragonForce.
Fortifying Defenses Against Scattered Spider
Organizations must prioritize comprehensive visibility across their infrastructure, identity systems, and critical management services to effectively defend against Scattered Spider.
GTIG recommends:
- Segregating identities.
- Enforcing strong authentication criteria.
- Implementing rigorous identity controls for password resets and MFA registration.
Employee education is also crucial. Training should focus on recognizing and mitigating impersonation attempts via SMS, phone calls, and messaging platforms, especially those employing aggressive or intimidating tactics.
Lessons Learned from UK Retail Attacks
Following similar Scattered Spider-linked attacks on Marks & Spencer, Co-op, and Harrods in the U.K., the National Cyber Security Centre (NCSC) issued guidance to bolster cybersecurity defenses.
Key recommendations include:
- Enabling two-factor or multi-factor authentication.
- Monitoring for unauthorized logins.
- Verifying the legitimacy of Domain Admin, Enterprise Admin, and Cloud Admin account access.
- Reviewing helpdesk authentication procedures for credential resets, particularly for employees with elevated privileges.
- Identifying logins from unusual sources, such as VPN services from residential IP ranges.
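The monitoring items in the two lists above (MFA fatigue, identity controls around password resets and MFA registration, unauthorized logins from unusual sources) can be turned into concrete checks over authentication telemetry. The script below is an added example, not code from the article, GTIG or the NCSC: it runs three detections over a constructed set of JSON auth events. The event schema, field names, the thresholds and the 198.51.100.0/24 "consumer-VPN egress" range are all assumptions made for the example.

```python
"""Three detections over constructed auth events: MFA push flood, helpdesk reset followed by
MFA enrolment, and a privileged login from a range the organisation flags as VPN egress."""
import ipaddress
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample telemetry (not real data): one JSON event per line, assumed schema.
SAMPLE_LOG = """
{"ts":"2025-06-09T08:00:05Z","user":"alice","event":"mfa_push_sent","ip":"203.0.113.10"}
{"ts":"2025-06-09T08:00:20Z","user":"alice","event":"mfa_push_sent","ip":"203.0.113.10"}
{"ts":"2025-06-09T08:00:41Z","user":"alice","event":"mfa_push_sent","ip":"203.0.113.10"}
{"ts":"2025-06-09T08:01:02Z","user":"alice","event":"mfa_push_sent","ip":"203.0.113.10"}
{"ts":"2025-06-09T08:01:25Z","user":"alice","event":"mfa_push_sent","ip":"203.0.113.10"}
{"ts":"2025-06-09T08:01:40Z","user":"alice","event":"mfa_push_approved","ip":"203.0.113.10"}
{"ts":"2025-06-09T09:15:00Z","user":"bob","event":"password_reset","ip":"10.0.0.5","actor":"helpdesk-ops"}
{"ts":"2025-06-09T09:32:00Z","user":"bob","event":"mfa_device_registered","ip":"198.51.100.77"}
{"ts":"2025-06-09T09:35:00Z","user":"bob","event":"login_success","ip":"198.51.100.77","roles":["Domain Admin"]}
{"ts":"2025-06-09T10:00:00Z","user":"carol","event":"login_success","ip":"192.0.2.44","roles":["user"]}
{"ts":"2025-06-09T10:05:00Z","user":"carol","event":"mfa_push_sent","ip":"192.0.2.44"}
{"ts":"2025-06-09T10:05:10Z","user":"carol","event":"mfa_push_approved","ip":"192.0.2.44"}
"""

# Assumed: ranges the organisation has classified as residential-proxy / consumer-VPN egress.
# 198.51.100.0/24 is a documentation range used purely as a placeholder.
FLAGGED_VPN_RANGES = [ipaddress.ip_network("198.51.100.0/24")]
PRIVILEGED_ROLES = {"Domain Admin", "Enterprise Admin", "Cloud Admin"}


def parse_events(text):
    """Parse one JSON event per line; timestamps become aware datetimes, output is time-sorted."""
    events = []
    for line in text.strip().splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def detect_mfa_fatigue(events, threshold=4, window=timedelta(minutes=5)):
    """Sliding-window count of push prompts per user; returns {user: peak pushes in window}."""
    recent = defaultdict(deque)
    peak = {}
    for ev in events:
        if ev["event"] != "mfa_push_sent":
            continue
        q = recent[ev["user"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:  # drop prompts older than the window
            q.popleft()
        if len(q) >= threshold:
            peak[ev["user"]] = max(peak.get(ev["user"], 0), len(q))
    return peak


def detect_reset_then_enrol(events, window=timedelta(hours=24)):
    """A helpdesk-initiated password reset followed by a new MFA device on the same account
    within the window is the sequence a successful help-desk impersonation leaves behind."""
    resets = defaultdict(list)
    hits = []
    for ev in events:
        if ev["event"] == "password_reset" and ev.get("actor", "").startswith("helpdesk"):
            resets[ev["user"]].append(ev["ts"])
        elif ev["event"] == "mfa_device_registered":
            for reset_ts in resets[ev["user"]]:
                if timedelta(0) <= ev["ts"] - reset_ts <= window:
                    hits.append((ev["user"], reset_ts, ev["ts"]))
                    break
    return hits


def detect_privileged_login_from_flagged_range(events, ranges=FLAGGED_VPN_RANGES):
    """Successful logins holding a privileged role from an address inside a flagged range."""
    hits = []
    for ev in events:
        if ev["event"] != "login_success" or not PRIVILEGED_ROLES.intersection(ev.get("roles", [])):
            continue
        addr = ipaddress.ip_address(ev["ip"])
        if any(addr in net for net in ranges):
            hits.append((ev["user"], ev["ip"]))
    return hits


def analyse(text):
    """Run all three detections and return their findings keyed by check name."""
    events = parse_events(text)
    return {
        "mfa_fatigue": detect_mfa_fatigue(events),
        "reset_then_enrol": detect_reset_then_enrol(events),
        "privileged_login_from_flagged_range": detect_privileged_login_from_flagged_range(events),
    }


if __name__ == "__main__":
    for name, hits in analyse(SAMPLE_LOG).items():
        print(f"{name}: {hits}")
```

On the constructed sample, alice's five prompts in under two minutes trip the fatigue check, bob's helpdesk reset followed seventeen minutes later by a new MFA device and a Domain Admin login from the flagged range trips the other two, and carol's ordinary login produces nothing. In production the thresholds and the flagged ranges are tuning decisions, and the reset-then-enrol check is most useful when scoped to the privileged accounts the NCSC guidance singles out.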
[Update June 17]: Added information regarding recent cyberattacks impacting Philadelphia Insurance Companies and Erie Insurance.
By Ionut Ilascu, Cybersecurity Writer