Watch out, insurance industry. A well-known cybercrime group appears to have shifted focus to insurers.
Apparently, recent cybersecurity incidents at Erie Insurance, Philadelphia Insurance Cos., and most recently Aflac are indicative of a trend. The largely decentralized hacking group known as Scattered Spider have switched focus from retailers to insurance companies, according to Google Threat Intelligence Group.
“Actors that bear the hallmarks of Scattered Spider are now targeting the insurance industry,” John Hultquist, chief analyst at Google’s Mandiant, posted to X. “They have a habit of working their way through a sector. Insurance companies should be on the lookout for social engineering schemes targeting their call centers.”
Scattered Spider, partnering with ransomware-as-a-service group DragonForce, had in recent months been concentrating on the retail sector in the U.S. and U.K., causing havoc to Whole Foods supplier United Natural Foods, Marks & Spencer, Co-op, Adidas, The North Face, Cartier, and Victoria’s Secret, among others.
Since Hultquist’s first post on the cybercrime group’s change in industry focus, the U.S. has bombed Iran—raising some concern that retaliation could include cyberattacks. Even with the increased cyber threat from Iran, Hulquist said the “threat I lose sleep over is Scattered Spider.”
“They are already taking food off shelves and freezing businesses. The Iranian hackers may not even have Internet access, but these kids are in play right now,” he posted.
Keith Wojcieszek, global head of threat intelligence at Kroll, told Insurance Journal he recently received some information that one insurer was the victim of phishing, which gained access to the company’s information technology. The hackers then use the information they can see to research the company’s hierarchy and fuel social engineering efforts.
Like the retail sector, insurers have a huge amount of valuable personal identifiable information and financial data to store, use and sell. Also, insurers have information on insureds, which may be used to identify the next targets, according to Wojcieszek.
“These attacks may be about money but there could also be a two-prong approach,” he said, explaining that insurers now gather a lot information on companies in order to insure them. “The network security of each company—[insurers] are so detailed on the cybersecurity each company has. What a wealth of knowledge to have to know how to attack the next company or industry, or develop tools to go in and attack.”
On the positive side, Wojcieszek pointed out, cyber insurance policies have become service contracts so many insurers already have close relationships with the cybersecurity vendors they offer as part of a cyber insurance product.
“The good news is the (the insurance industry) understand what they need to do and how to address this because they’re doing it every day,” he said. Nevertheless, Wojcieszek suggested a refresh in employee training to thwart potential phishing or social engineering efforts.
Topics
Trends
Cyber
Interested in Cyber?
Get automatic alerts for this topic.
