Recent incidents targeting the insurance industry have the hallmarks of the threat group Scattered Spider, according to Google’s threat intelligence chief.
Recently observed cyberattacks targeting the U.S. insurance industry “bear all the hallmarks” of the notorious threat group Scattered Spider, according to Google’s threat intelligence chief.
John Hultquist, chief analyst at the Google Threat Intelligence Group, issued the warning Monday in a statement to outlets including CRN, suggesting a widening of the threat actor’s recent activities.
[Related: 10 Major Ransomware Attacks And Data Breaches In 2024]
The hacker group tracked as Scattered Spider has been blamed for high-profile ransomware attacks including the hugely disruptive 2023 attacks against casino operators MGM and Caesars Entertainment, as well as data extortion attacks.
More recently, Google researchers have connected Scattered Spider to a series of attacks against three British retailers — Marks & Spencer, the Co-op and Harrods.
Now, there are indications that the threat group has turned its attention the U.S., and specifically to the insurance sector, according to the statement from Google’s Hultquist.
“Google Threat Intelligence Group is now aware of multiple intrusions in the U.S. which bear all the hallmarks of Scattered Spider activity,” Hultquist said in the statement.
“We are now seeing incidents in the insurance industry,” he said. “Given this actor’s history of focusing on a sector at a time, the insurance industry should be on high alert, especially for social engineering schemes which target their help desks and call centers.”
Past Scattered Spider tactics have included utilizing social engineering and phishing to obtain credentials, and then moving rapidly to compromise cloud environments before gaining a foothold on a virtual machine and establishing persistence on an endpoint, researchers have told CRN.
