Scattered Spider Attacks: 3 Crucial Lessons for Insurance Firms

Summary
– Scattered Spider hackers recently targeted U.S. insurance firms like Aflac, Philadelphia Insurance, and Erie Insurance, stealing sensitive data and causing operational disruptions.
– The group, active since 2022, is known for high-profile breaches like Caesars, MGM Resorts, and Transport for London, often exploiting help desk processes to bypass security.
– Scattered Spider’s 2025 attacks hit UK retailers Marks & Spencer and Co-op, leading to significant financial losses, lawsuits, and service disruptions.
– The group primarily uses identity-based tactics like MFA bypass, credential phishing, SIM swapping, and social engineering to evade traditional security controls.
– Push Security offers tools like Employee Identity Verification Codes to help organizations defend against identity-based attacks, including help desk scams.
Insurance companies face growing threats from sophisticated cybercriminals like Scattered Spider, a hacking group linked to recent breaches targeting major U.S. insurers. These attacks highlight critical vulnerabilities in identity security and help desk procedures, exposing sensitive customer data and causing operational chaos.
The group’s tactics aren’t new, but their effectiveness is alarming. By exploiting weak identity verification processes, Scattered Spider bypasses multi-factor authentication (MFA) and gains access to high-privilege accounts. Recent targets include Aflac, Philadelphia Insurance Companies, and Erie Insurance, all of which disclosed breaches through SEC filings.
How Scattered Spider Operates
Impersonation: Hackers gather employee details from LinkedIn or other sources, then call help desks pretending to be staff members. This approach isn’t limited to casinos or retailers. Insurance firms are now prime targets due to their vast repositories of personal and financial data.
Three Key Lessons for Insurers
1. Identity-Based Attacks Are the New Standard
Scattered Spider doesn’t rely on malware or complex exploits. Instead, they exploit human error and weak authentication protocols. Phishing, SIM swapping, and MFA fatigue attacks are now commonplace, making traditional perimeter defenses insufficient.
2. Help Desk Vulnerabilities Must Be Addressed
Outsourced or overworked support teams often follow rigid procedures, making them easy prey for social engineering. Insurers must implement stricter verification steps, such as real-time identity checks or rotating verification codes, to prevent unauthorized resets.
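One way to implement the "rotating verification code" the lesson above calls for, as an added example that is not the article's text or Push Security's product code. The design is an assumption: the identity system shares a per-employee secret with that employee's already-authenticated (MFA-protected) device; when the employee calls the help desk, the device shows a one-minute code bound to the employee and to the requested action, and the agent types it into a verifier that recomputes it. A caller who only has the public details the article mentions (name, title, employer) cannot produce the code, a code read out over the phone cannot be replayed, a code for an MFA reset cannot be reused for a password reset, and repeated wrong codes lock the record so that guessing is not an option. The `mfa_reset` and `password_reset` action names, the 60-second step and the lockout threshold are all constructed for the example.

```python
"""Rotating help-desk verification codes (added example, not the article's or
Push Security's code). Assumed design: the employee's authenticated device
and the help-desk verifier share a per-employee secret; the code is an
HMAC over (employee, action, time window), truncated RFC 4226 style."""
import hashlib
import hmac
import secrets
import struct
import time
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

STEP_SECONDS = 60      # codes rotate every minute (assumed policy)
CODE_DIGITS = 6
MAX_FAILURES = 3       # lock the record after this many bad codes; unlock is an escalated process


def derive_code(secret: bytes, employee_id: str, action: str, window: int) -> str:
    """HMAC-SHA256 code bound to employee, action and time window."""
    msg = employee_id.encode() + b"\x00" + action.encode() + b"\x00" + struct.pack(">Q", window)
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation, as in HOTP/TOTP
    code_int = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code_int % (10 ** CODE_DIGITS)).zfill(CODE_DIGITS)


def current_code(secret: bytes, employee_id: str, action: str,
                 now: Optional[float] = None, step: int = STEP_SECONDS) -> str:
    """Employee side: the code the authenticated device displays right now."""
    now = time.time() if now is None else now
    return derive_code(secret, employee_id, action, int(now // step))


@dataclass
class EmployeeRecord:
    secret: bytes
    failures: int = 0
    locked: bool = False


class HelpDeskVerifier:
    """Help-desk side: recomputes the code, enforces single use and a failure lockout."""

    def __init__(self, step: int = STEP_SECONDS):
        self.step = step
        self.records: Dict[str, EmployeeRecord] = {}
        self.used: Set[Tuple[str, str, int]] = set()   # (employee, action, window) already consumed

    def enroll(self, employee_id: str, secret: Optional[bytes] = None) -> bytes:
        secret = secrets.token_bytes(32) if secret is None else secret
        self.records[employee_id] = EmployeeRecord(secret=secret)
        return secret   # provisioned to the employee's authenticated device, never to an agent

    def verify(self, employee_id: str, action: str, presented: str,
               now: Optional[float] = None) -> bool:
        rec = self.records.get(employee_id)
        if rec is None or rec.locked:
            return False
        now = time.time() if now is None else now
        window = int(now // self.step)
        # Accept the current and the previous window: the caller needs time to read the code out.
        for w in (window, window - 1):
            expected = derive_code(rec.secret, employee_id, action, w)
            if hmac.compare_digest(expected, presented) and (employee_id, action, w) not in self.used:
                self.used.add((employee_id, action, w))
                rec.failures = 0
                return True
        rec.failures += 1
        if rec.failures >= MAX_FAILURES:
            rec.locked = True
        return False


def demo() -> Dict[str, bool]:
    """Constructed scenario with a fixed (non-real) secret: the genuine employee passes;
    replay, cross-action reuse and an impersonator's guesses fail; the record locks."""
    v = HelpDeskVerifier()
    secret = v.enroll("jdoe", secret=bytes(range(32)))   # constructed test secret
    t0 = 1_700_000_000.0
    code = current_code(secret, "jdoe", "mfa_reset", now=t0)
    legit = v.verify("jdoe", "mfa_reset", code, now=t0)
    replay = v.verify("jdoe", "mfa_reset", code, now=t0)                 # same code, second call
    wrong_action = v.verify("jdoe", "password_reset", code, now=t0)      # code was bound to mfa_reset
    guesses = [v.verify("jdoe", "mfa_reset", g, now=t0) for g in ("123456", "000000", "111111")]
    return {"legit": legit, "replay": replay, "wrong_action": wrong_action,
            "impostor": any(guesses), "locked": v.records["jdoe"].locked}


if __name__ == "__main__":
    print(demo())
```

The secret never reaches the agent, so the help desk cannot be talked into "just reading the code back", and a locked record must be cleared through a separate, escalated process rather than by another phone call.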
3. Attackers Bypass Traditional Security Controls
Once inside, hackers move laterally through cloud environments and VMware systems, areas where monitoring is often lacking. Enhanced logging, behavioral analytics, and privileged access management (PAM) are critical to detecting and stopping breaches early.
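As an added example of the "enhanced logging and behavioral analytics" the lesson above recommends (not code from the article), the rule below ties a help-desk-initiated MFA reset to the sign-in that follows it: a login within two hours of such a reset, from a device or location the user has never signed in from before, is escalated for review. The log line format, the event names (`helpdesk_mfa_reset`, `login`), the field names and every event in the sample are constructed for illustration; a real deployment would feed the same logic from the identity provider's sign-in log and the ticketing system.

```python
"""Correlate help-desk MFA resets with the next sign-in (added example, not the
article's code). Log format and events are constructed, not any vendor's schema."""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Set

CORRELATION_WINDOW = timedelta(hours=2)   # assumed review window

# Constructed events: "<timestamp> <event> <user> key=value ...".
SAMPLE_EVENTS = [
    "2025-06-20T09:02:11Z login jdoe device=LAPTOP-JD01 geo=US-NC",
    "2025-06-20T09:05:40Z login asmith device=LAPTOP-AS07 geo=US-GA",
    "2025-06-20T13:14:02Z helpdesk_mfa_reset jdoe actor=agent17 ticket=T-4411",
    "2025-06-20T13:21:55Z login jdoe device=UNKNOWN-9F3A geo=GB-LDN",
    "2025-06-20T13:30:10Z helpdesk_mfa_reset asmith actor=agent03 ticket=T-4418",
    "2025-06-20T13:42:00Z login asmith device=LAPTOP-AS07 geo=US-GA",
    "2025-06-20T16:05:00Z login jdoe device=LAPTOP-JD01 geo=US-NC",
]


def parse_event(line: str) -> dict:
    """Split one constructed log line into a dict with a parsed timestamp."""
    ts, event, user, *rest = line.split()
    ev = dict(kv.split("=", 1) for kv in rest)
    ev.update(ts=datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), event=event, user=user)
    return ev


def detect_post_reset_anomalies(lines: List[str]) -> List[dict]:
    """Return one alert per help-desk reset that is followed, inside the window,
    by a sign-in from a device or location not in the user's prior baseline."""
    events = sorted((parse_event(line) for line in lines), key=lambda e: e["ts"])
    known_devices: Dict[str, Set[str]] = defaultdict(set)
    known_geos: Dict[str, Set[str]] = defaultdict(set)
    pending_resets: Dict[str, List[dict]] = defaultdict(list)
    alerts: List[dict] = []
    for ev in events:
        user = ev["user"]
        if ev["event"] == "helpdesk_mfa_reset":
            pending_resets[user].append(ev)
            continue
        if ev["event"] != "login":
            continue
        # Forget resets that fall outside the correlation window.
        pending_resets[user] = [r for r in pending_resets[user]
                                if ev["ts"] - r["ts"] <= CORRELATION_WINDOW]
        device, geo = ev.get("device", "?"), ev.get("geo", "?")
        new_device = device not in known_devices[user]
        new_geo = geo not in known_geos[user]
        if pending_resets[user] and (new_device or new_geo):
            reset = pending_resets[user][-1]
            reasons = [r for r, hit in (("new device", new_device), ("new location", new_geo)) if hit]
            alerts.append({
                "user": user, "ticket": reset.get("ticket", "?"), "agent": reset.get("actor", "?"),
                "reset_at": reset["ts"].isoformat(), "login_at": ev["ts"].isoformat(),
                "device": device, "geo": geo, "reason": ", ".join(reasons),
            })
            pending_resets[user].clear()   # one alert per reset
        # A sign-in joins the baseline only after it has been checked; a flagged
        # device should be removed from the baseline again if review confirms abuse.
        known_devices[user].add(device)
        known_geos[user].add(geo)
    return alerts


if __name__ == "__main__":
    for alert in detect_post_reset_anomalies(SAMPLE_EVENTS):
        print(alert)
```

On the sample, jdoe's reset (ticket T-4411) is followed seven minutes later by a sign-in from an unseen device in an unseen location and is flagged; asmith's reset is followed by a sign-in from the usual laptop and location and is not. Users with no baseline at all (a reset before any recorded sign-in) are flagged on their first login, which is the conservative choice.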
The bottom line? Cybercriminals are evolving faster than many security teams can keep up. By prioritizing identity security and refining internal processes, insurers can reduce their risk of becoming the next headline.
(Source: BLEEPINGCOMPUTER)