Cybercriminals associated with both the UK and US, initially focusing on retail outlets, have expanded their targets to the insurance sector.
In a recent turn of events, Erie Insurance has reported an unusual activity to the Securities and Exchange Commission, suspected to be a cyberattack that started on June 7. The attack, which has caused a "network outage" linked to an information-security incident, is believed to be the work of a collective known as Scattered Spider.
Google researchers have linked Scattered Spider to a series of attacks on U.K. and U.S. retailers, as well as casino companies such as MGM Resorts. According to John Hultquist, chief analyst at Google Threat Intelligence Group, there has been a "wave of targeting" over the past one and a half weeks, with multiple confirmed incidents at insurance companies.
Scattered Spider is notorious for its sophisticated social-engineering techniques. They impersonate IT and helpdesk staff via phone calls or SMS to deceive employees into divulging credentials or authentication codes, bypassing multi-factor authentication (MFA). The collective also exploits fragmented and legacy IT environments, manual workflows and data handling, large, distributed employee bases, and weak links through subsidiaries in insurance firms.
To defend against Scattered Spider attacks, it is recommended that the insurance industry strengthens its social engineering defenses, enforces robust MFA practices, segments and hardens IT environments, minimizes manual data workflows, utilizes data masking and encryption, and monitors and responds to anomalous activity.
John Hultquist advises the insurance industry to be on high alert, especially for social engineering schemes which target their help desks and call centers. Erie Insurance has warned its customers not to respond to phone or email requests for payments, not to click on links from unknown sources, and not to share personal information with anyone by phone or email.
Erie Insurance is working with law enforcement and forensic security teams to determine the cause and full scope of the incident. Google's disclosure about Scattered Spider targeting insurers is in relation to an ongoing investigation by Erie Insurance. Mandiant released a hardening guide for security teams focused on Scattered Spider’s techniques in early May.
As of the current information, neither Erie nor any researcher has blamed the incident on a threat actor. The investigation is ongoing, and updates will be provided as more information becomes available.
Read also:
- Industrial robots in China are being installed at a faster rate than in both the United States and the European Union, as the global market for these robots faces a downturn.
- Stock markets in India anticipated a moderate opening, influenced by mixed signals from global markets.
- Tesla's Model Y ride-sharing service halts operations in New York City
- Experienced a 4,000-mile journey in my 2025 Lexus GX 550 on Trail, found the vehicle packed with power, yet the infotainment system exhibited a disconcerting habit of resetting my personal settings arbitrarily.
