Scattered Spider Now Targeting U.S. Insurance Firms

Pennsylvania-based insurer disclosed experiencing outages after an incident this month.

Hacking collective Scattered Spider has directed new attacks toward several insurance firms across the U.S.

After initially compromising UK- and U.S.-based retailers, the collective - also known as UNC3944 - was observed by the Google Threat Intelligence Group to have conducted attacks against new targets, CyberScoop reports.

"Google Threat Intelligence Group is now aware of multiple intrusions in the U.S. which bear all the hallmarks of Scattered Spider activity... Given this actor's history of focusing on a sector at a time, the insurance industry should be on high alert, especially for social engineering schemes which target their help desks and call centers," said GTIG Chief Analyst John Hultquist.

Such intrusions by Scattered Spider — which were noted by Mandiant Consulting Chief Technology Officer Charles Carmakal to have commenced over a week ago — come after Pennsylvania-based property and casualty insurer Erie Insurance disclosed experiencing outages following a cyber-attack earlier this month.

Additional details linking the attack to the hacking collective remain lacking amid ongoing investigation and systems recovery efforts.

Richard Orange, VP EMEA at Abnormal AI, said that insurance companies hold highly sensitive data, “so it’s no surprise they’re in the crosshairs of Scattered Spider who aim to exploit personal or financial information for monetary gain or disruption. 

“This group relies on social engineering rather than technical exploits, and bypasses traditional security controls by manipulating people, such as posing as IT staff or trusted partners.

“Insurance providers and their partners must treat identity systems and help desk procedures as critical assets. They should implement phishing-resistant MFA and strengthen verification processes. This, alongside training staff to rigorously challenge even familiar requests, is essential to defend against evolving social engineering threats.”
Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
