
A hacker group known for high-profile attacks on retail giants is now turning its attention to the insurance sector, according to a new warning from Google’s Threat Intelligence Group. The group, known as Scattered Spider, has been linked to a series of recent cyber attacks that disrupted access for insurance customers across the United States.
The alert follows a series of data breaches at major UK retailers earlier this year. After that wave of attacks, Google analysts noted that Scattered Spider had begun targeting US-based retailers. Now, researchers say the group is showing a clear interest in insurance companies and is actively exploiting their workforce through social engineering.
Focused Targeting, Familiar Tactics
“Actors that bear the hallmarks of Scattered Spider are now targeting the insurance industry, they have a habit of working their way through a sector,” said John Hultquist, chief analyst at Google’s Threat Intelligence Group. In a post on X, he noted that Scattered Spider relies heavily on social engineering, especially schemes aimed at help desks and call centers.
The tactic isn’t new, but it remains effective. Rather than relying on complex exploits or malware, the group frequently poses as employees or contractors to persuade staff to reset passwords or share sensitive access credentials. This approach gives attackers a way in, without having to breach security
Erie Insurance and Scania Affected
While Google hasn’t publicly named the companies affected in this latest wave of attacks, Erie Insurance, a Pennsylvania-based provider, reported a breach on June 7. The company has not confirmed who was behind it, but the timing aligns with Google’s warning. Erie has been issuing updates to customers but has yet to share details about the full extent of the intrusion.
Meanwhile, Scania’s insurance division was also reportedly affected, adding weight to concerns that the group’s focus on insurers is well underway.
Expert View: Social Engineering Remains a Core Threat
Dave Gerry, CEO at Bugcrowd, says the recent activity highlights long-standing risks in the way companies handle internal support systems.
“They’ve been exploiting vulnerabilities with social engineering tactics, focusing on help desks and call centers, where the human is oftentimes the weakest link,” Gerry said. “Incidents like the one at Erie Insurance show how important it is for the insurance sector to revisit its defenses and incident response strategies. These aren’t one-off events. This is targeted, and it’s ongoing.”
Why Insurers?
Insurers hold sensitive financial and personal data, a tempting target for attackers. But what makes them especially vulnerable is the combination of high-value information and complex customer support systems, which often require staff to handle urgent access requests or account changes.
When threat actors can impersonate employees or customers convincingly enough, help desk staff may unknowingly hand over access to internal tools or user accounts.
Organizations should review how support teams verify identity and manage account access. Multi-step verification, better training, and limiting permissions can help reduce the risk of a successful social engineering attack.