FlagThis - #cyberthreat

Scattered Spider, a cybercrime collective known for targeting U.K. and U.S. retailers, has shifted its focus to the U.S. insurance industry, according to warnings issued by Google Threat Intelligence Group (GTIG). The group, tracked as UNC3944, is known for utilizing sophisticated social engineering tactics to breach organizations, often impersonating employees, deceiving IT support teams, and bypassing multi-factor authentication (MFA). Google is urging insurance companies to be on high alert for social engineering schemes targeting help desks and call centers, emphasizing that multiple intrusions bearing the hallmarks of Scattered Spider activity have already been detected in the U.S.

GTIG's warning comes amidst a recent surge in Scattered Spider activity, with multiple U.S.-based insurance companies reportedly impacted over the past week and a half. The threat group has a history of targeting specific industries in clusters, with previous attacks impacting MGM Resorts and other casino companies. Security specialists emphasize that Scattered Spider often targets large enterprises with extensive help desks and outsourced IT functions, making them particularly susceptible to social engineering attacks. The group is also suspected of having ties to Western countries.

The shift in focus towards the insurance sector follows Scattered Spider's previous campaigns targeting retailers, including a wave of ransomware and extortion attacks on retailers and grocery stores in the U.K. in April. To mitigate against Scattered Spider's tactics, security experts recommend enhancing authentication, enforcing rigorous identity controls, implementing access restrictions, and providing comprehensive training to help desk personnel to effectively identify employees before resetting accounts. One insurance company, Erie Insurance, has already reported a cyberattack earlier this month, although the perpetrators have not yet been identified.


References :

• Threats | CyberScoop: Scattered Spider, fresh off retail sector attack spree, pivots to insurance industry
• The Hacker News: Google Warns of Scattered Spider Attacks Targeting IT Support Teams at U.S. Insurance Firms
• www.cybersecuritydive.com: Threat group linked to UK, US retail attacks now targeting insurance industry
• hackread.com: Scattered Spider Aims at US Insurers After UK Retail Hit, Google Warns
• The Record: Security analysts at Google’s Threat Intelligence Group published a warning this week to insurance companies, writing that it is “now aware of multiple intrusions in the US which bear all the hallmarks of Scattered Spider activity.â€
• www.scworld.com: Scattered Spider group attacking US insurance industry, Google says
• SecureWorld News: Scattered Spider Swarms Insurance Sector with Targeted Cyber Attacks, Google Warns
• Zack Whittaker: Google's John Hultquist says in an emailed statement that the company is seeing "multiple intrusions in the US" that bear the hallmarks of Scattered Spider activity and "now seeing incidents in the insurance industry." Google spokesperson confirmed there's more than one U.S.-based insurance victim.
• cyberscoop.com: Scattered Spider, fresh off retail sector attack spree, pivots to insurance industry
• www.cybersecuritydive.com: Aflac duped by social-engineering attack, marking another hit on insurance industry
• www.cyjax.com: Weaving Chaos – Scattered Spider’s Cyberattacks Spin a Dangerous Web Across the Insurance Industry
• eSecurity Planet: Aflac confirms a cyberattack exposed sensitive customer data, citing social engineering tactics amid a wave of breaches targeting US insurers.
• CYJAX: Weaving Chaos – Scattered Spider’s Cyberattacks Spin a Dangerous Web Across the Insurance Industry
• cyberscoop.com: Aflac duped by social-engineering attack, marking another hit on insurance industry
• DataBreaches.Net: Aflac notifies SEC of breach suspected to be work of Scattered Spider
• Threats | CyberScoop: Aflac duped by social-engineering attack, marking another hit on insurance industry
• www.prnewswire.com: Aflac incorporated discloses cybersecurity incident.
• cyberpress.org: Aflac Incorporated, a major U.S.-based insurance company, reported a significant cybersecurity breach involving unauthorized access to its corporate network.
• www.techradar.com: Reports details on a cyberattack targeting Aflac
• techcrunch.com: US insurance giant Aflac says customers’ personal data stolen during cyberattack

Classification:

• HashTags: #CyberThreat #Insurance #ScatteredSpider
• Company: Google
• Target: U.S. Insurance Firms
• Attacker: Scattered Spider
• Feature: Data theft, Extortion
• Type: Hack
• Severity: Major