In a worrying trend for the insurance sector, the notorious cybercrime group known as Scattered Spider has been linked to a series of ransomware attacks targeting American insurance companies, as revealed by Google. The warning comes as several insurers face network outages, causing significant disruptions to customer access and services.
According to John Hultquist, chief analyst at Google Threat Intelligence Group, the organization is currently monitoring multiple intrusions into the US insurance industry that exhibit clear signs of Scattered Spider’s methodology. The group has a history of focusing on specific sectors at a time, and with the insurance industry now under threat, Hultquist advises vigilance, particularly against social engineering schemes aimed at help desks and call centers.
Before shifting its attention to insurers, Scattered Spider had reportedly executed numerous digital attacks against retailers across the UK and the US. Many of these cyberattacks began with fake help-desk calls, leading to the deployment of DragonForce ransomware in recent breaches, such as those targeting UK retailers.
In response to the escalating threat, Google has issued guidance to organizations on protective measures against Scattered Spider’s tactics. Recommendations include improving the training of help-desk staff to accurately identify callers and implementing stronger authentication methods.
The urgency of Google’s warning is underscored by ongoing network outages at prominent insurers such as Erie Insurance and Philadelphia Insurance Companies. Erie reported a significant network outage affecting all systems on June 8, while its parent company disclosed unusual network activity a day earlier. Despite efforts to restore services, the company noted that the recovery process is complex and ongoing.
Similarly, Philadelphia Insurance Companies confirmed on June 9 that it had detected suspicious activity on its network, resulting in a proactive disconnection of affected systems. A forensic investigation is currently underway, and law enforcement has been notified.
Adding to the concern, on June 13, Tokio Marine North America, which includes PHLY, acknowledged unauthorized access to its systems and disclosed that investigations are still ongoing. These developments highlight the gravity of the current threat landscape facing the insurance industry in the wake of the Scattered Spider attacks.