U.S. Insurance Firms Now Prime Targets for Cyber Hackers

▼ Summary
– Hackers linked to Scattered Spider are targeting U.S. insurance companies, using tactics seen in previous attacks on retail sectors in the U.K. and U.S.
– Google Threat Intelligence Group warns the insurance industry to be on high alert due to the group’s sector-focused approach and social engineering tactics.
– Two U.S. insurance companies, Philadelphia Insurance and Erie Insurance, recently reported cyberattacks causing system outages and disruptions.
– Scattered Spider employs sophisticated social engineering, including phishing and SIM-swapping, and has been observed deploying ransomware like RansomHub and DragonForce.
– Defenses against Scattered Spider include infrastructure visibility, strong authentication, employee training, and monitoring for unusual login activity.

Cybercriminals are increasingly targeting U.S. insurance companies, with recent breaches showing clear signs of activity linked to the notorious hacking group Scattered Spider. Security experts warn that these attacks follow a pattern of sector-focused intrusions, shifting from retail organizations in the U.K. to American insurance firms.
John Hultquist, Chief Analyst at Google Threat Intelligence Group (GTIG), confirmed multiple incidents matching Scattered Spider’s methods. “Given their history of sequential sector attacks, the insurance industry should prepare for heightened risks,” he emphasized. The group often exploits social engineering tactics, particularly targeting help desks and call centers to gain unauthorized access.
Recent incidents highlight the urgency of these warnings. Philadelphia Insurance Companies (PHLY) reported a breach on June 9, forcing it to isolate affected systems. Its website remains offline as investigations continue. Similarly, Erie Insurance disclosed disruptions starting June 7, attributing the incident to unusual network activity that triggered emergency security measures.
Scattered Spider, also known by aliases like 0ktapus and UNC3944, specializes in bypassing advanced security measures through phishing, SIM-swapping, and multi-factor authentication (MFA) fatigue attacks. Once inside a network, they often deploy ransomware such as RansomHub, Qilin, or DragonForce, escalating the damage.
To counter these threats, organizations must prioritize infrastructure visibility, identity segregation, and strict authentication protocols. GTIG advises implementing rigorous controls for password resets and MFA enrollment while training staff to recognize impersonation attempts across communication channels.
The U.K. National Cyber Security Centre (NCSC) has also issued guidance following similar attacks on major retailers. Its recommendations include enforcing two-factor authentication, monitoring suspicious logins, and verifying administrative account access. Additionally, businesses should scrutinize helpdesk verification processes, especially for high-privilege accounts, and watch for unusual login sources like residential VPNs.
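Two of the controls recommended above, monitoring for MFA fatigue and for helpdesk-initiated password resets followed by MFA enrollment from an unfamiliar source, can be expressed as simple detection rules over identity-provider audit logs. The following is an added example, not code from the article or from GTIG or NCSC; the audit events, field names and known-IP table are constructed for illustration and would be replaced by your own IdP's export format.

```python
from datetime import datetime, timedelta

# Constructed identity-provider audit events (not real data). A push-fatigue
# pattern for "jdoe" and a helpdesk reset followed by MFA enrollment from a new
# IP for "asmith" are embedded so the rules below have something to catch.
EVENTS = [
    {"ts": "2025-06-09T08:01:00", "user": "jdoe", "event": "mfa_push_sent", "ip": "203.0.113.7", "result": "denied"},
    {"ts": "2025-06-09T08:01:40", "user": "jdoe", "event": "mfa_push_sent", "ip": "203.0.113.7", "result": "denied"},
    {"ts": "2025-06-09T08:02:10", "user": "jdoe", "event": "mfa_push_sent", "ip": "203.0.113.7", "result": "denied"},
    {"ts": "2025-06-09T08:02:55", "user": "jdoe", "event": "mfa_push_sent", "ip": "203.0.113.7", "result": "approved"},
    {"ts": "2025-06-09T09:10:00", "user": "asmith", "event": "password_reset", "ip": "10.0.0.5", "result": "success", "actor": "helpdesk"},
    {"ts": "2025-06-09T09:14:00", "user": "asmith", "event": "mfa_enroll", "ip": "198.51.100.23", "result": "success"},
    {"ts": "2025-06-09T09:30:00", "user": "bwong", "event": "login", "ip": "10.0.0.9", "result": "success"},
]
# Constructed baseline of IPs previously seen for each user.
KNOWN_IPS = {"asmith": {"10.0.0.5"}, "jdoe": {"10.0.0.12"}}


def parse(ts):
    return datetime.fromisoformat(ts)


def mfa_fatigue(events, min_denials=3, window=timedelta(minutes=10)):
    """Flag an approved MFA push preceded by >= min_denials denied pushes within `window`."""
    alerts = []
    for e in events:
        if e["event"] != "mfa_push_sent" or e["result"] != "approved":
            continue
        t = parse(e["ts"])
        denials = [d for d in events if d["user"] == e["user"] and d["event"] == "mfa_push_sent"
                   and d["result"] == "denied" and t - window <= parse(d["ts"]) < t]
        if len(denials) >= min_denials:
            alerts.append((e["user"], "mfa_fatigue", len(denials)))
    return alerts


def reset_then_enroll(events, known_ips, window=timedelta(minutes=30)):
    """Flag a helpdesk password reset followed by MFA enrollment from an IP never seen for that user."""
    alerts = []
    for e in events:
        if e["event"] != "mfa_enroll":
            continue
        t = parse(e["ts"])
        resets = [r for r in events if r["user"] == e["user"] and r["event"] == "password_reset"
                  and r.get("actor") == "helpdesk" and t - window <= parse(r["ts"]) <= t]
        if resets and e["ip"] not in known_ips.get(e["user"], set()):
            alerts.append((e["user"], "reset_then_new_device", e["ip"]))
    return alerts


def run_detections(events=EVENTS, known_ips=KNOWN_IPS):
    """Run both rules and return the combined list of (user, rule, detail) alerts."""
    return mfa_fatigue(events) + reset_then_enroll(events, known_ips)


if __name__ == "__main__":
    for alert in run_detections():
        print(alert)
```

Thresholds and windows are starting points to tune against your own baseline; the enrollment rule is deliberately strict because a new MFA device registered minutes after a helpdesk reset is exactly the sequence the article warns about.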
As cyber threats evolve, proactive defense strategies and employee awareness remain critical in safeguarding sensitive data and operations. The insurance sector, now squarely in hackers’ crosshairs, must act swiftly to mitigate risks.
Updated June 17 with details on recent insurance company breaches.
(Source: Bleeping Computer)