Hackers associated with a recent series of cyberattacks on retailers in the U.K. and U.S. have shifted their focus to the insurance industry, according to researchers at Google. The attackers, believed to be part of the collective known as Scattered Spider, began targeting retailers in April and have now pivoted to the insurance sector earlier this month.
Multiple Confirmed Incidents
Google’s Threat Intelligence Group has confirmed multiple intrusions in the U.S. insurance industry that bear the hallmarks of Scattered Spider activity. “We are now seeing incidents in the insurance industry,” said John Hultquist, chief analyst at Google Threat Intelligence Group. “Given this actor’s history of focusing on a sector at a time, the insurance industry should be on high alert, especially for social engineering schemes which target their help desks and call centers.”
Sophisticated Social-Engineering Techniques
Scattered Spider is known for its sophisticated social-engineering tactics designed to trick IT help desks into bypassing multifactor authentication or handing over credentials. The group has previously targeted specific industries in clusters, including MGM Resorts and other casino companies. Mandiant released a hardening guide in May to help security teams protect against Scattered Spider’s techniques.
Erie Insurance Investigates Cyberattack
The shift in targeting comes as Erie Insurance investigates a suspected cyberattack discovered on June 7. The company detected unusual activity and is working with law enforcement and forensic security teams to determine the cause of a “network outage” linked to an information-security incident. Erie Insurance operates in 12 states and has over 7 million active policies. The company has warned customers not to click on links from unknown sources or share personal information by phone or email.
Industry Alert
The insurance industry is on high alert following Google’s disclosure. While Erie Insurance has not attributed the incident to a specific threat actor, the timing coincides with Scattered Spider’s reported shift in targeting. The group’s tactics highlight the need for insurance companies to strengthen their defenses against social engineering attacks, particularly in help desks and call centers.
