
Cybercriminals associated with both the UK and US, initially focusing on retail outlets, have expanded their targets to the insurance sector.

Google researchers issue a warning, echoing a recent cyber attack at Erie Insurance, yet the culprits behind the incident remain unidentified.

UK and U.S.-associated cybercriminals now shifting focus towards insurance sector for attacks

Erie Insurance has reported unusual activity to the Securities and Exchange Commission, suspected to be a cyberattack that started on June 7. The attack, which caused a "network outage" linked to an information-security incident, is believed to be the work of a collective known as Scattered Spider.

Google researchers have linked Scattered Spider to a series of attacks on U.K. and U.S. retailers, as well as casino companies such as MGM Resorts. According to John Hultquist, chief analyst at Google Threat Intelligence Group, there has been a "wave of targeting" over the past one and a half weeks, with multiple confirmed incidents at insurance companies.

Scattered Spider is notorious for its sophisticated social-engineering techniques. They impersonate IT and helpdesk staff via phone calls or SMS to deceive employees into divulging credentials or authentication codes, bypassing multi-factor authentication (MFA). The collective also exploits fragmented and legacy IT environments, manual workflows and data handling, large, distributed employee bases, and weak links through subsidiaries in insurance firms.

To defend against Scattered Spider attacks, it is recommended that the insurance industry strengthen its social engineering defenses, enforce robust MFA practices, segment and harden IT environments, minimize manual data workflows, use data masking and encryption, and monitor and respond to anomalous activity.

John Hultquist advises the insurance industry to be on high alert, especially for social engineering schemes which target their help desks and call centers. Erie Insurance has warned its customers not to respond to phone or email requests for payments, not to click on links from unknown sources, and not to share personal information with anyone by phone or email.

Erie Insurance is working with law enforcement and forensic security teams to determine the cause and full scope of the incident. Google's disclosure about Scattered Spider targeting insurers is in relation to an ongoing investigation by Erie Insurance. Mandiant released a hardening guide for security teams focused on Scattered Spider’s techniques in early May.

As of the current information, neither Erie nor any researcher has blamed the incident on a threat actor. The investigation is ongoing, and updates will be provided as more information becomes available.

  1. The cyberattack on Erie Insurance, allegedly by Scattered Spider, has prompted the insurance industry to bolster its cybersecurity measures, focusing on strengthening social engineering defenses, enforcing robust multi-factor authentication (MFA) practices, and minimizing manual data workflows.
  2. John Hultquist, from Google Threat Intelligence Group, advocates for the insurance sector to be vigilant against social engineering schemes, particularly those targeting help desks and call centers, as Scattered Spider is known for such tactics.
  3. Amid the ongoing investigation into the cyberattack on Erie Insurance, recommendations for bolstering cybersecurity in the finance sector include the use of data masking and encryption, segmenting and hardening IT environments, and monitoring and responding to anomalous activity, as outlined in Mandiant's hardening guide published in early May.
