Threat intelligence researchers are warning of hackers breaching multiple U.S. companies in the insurance industry using all the tactics observed with Scattered Spider activity.
Typically, the threat group has a sector-by-sector focus. Previously, they targeted retail organizations in the United Kingdom and then switched to targets in the same sector in the United States.
“Google Threat Intelligence Group is now aware of multiple intrusions in the US which bear all the hallmarks of Scattered Spider activity. We are now seeing incidents in the insurance industry,” John Hultquist, Chief Analyst at Google Threat Intelligence Group (GTIG), told BleepingComputer.
We’ve been talking about Scattered Spider quite a lot within these podcasts, and shall this actually be a surprise that they’ve switched their focus to this market?
Insurance companies hold a lot of weight, because they pay out claims that may be made depending on the policy that is being used and the case.
If actors are aware that there are billions to be had, why not? Its just another method for them to get their wares out and cause more havoc; not like they’re not doing tht already.
Scattered Spider is the name given to a fluid coalition of threat actors that employ sophisticated social engineering attacks to bypass mature security programs.
We’ve talked about naming of these groups, so seeing multiple for this is not surprising.
To add to their names, this paragraph says:
The group is also tracked as 0ktapus, UNC3944, Scatter Swine, Starfraud, and Muddled Libra, and has been linked to breaches at multiple high-profile organizations that mixed phishing, SIM-swapping, and MFA fatigue/MFA bombing for initial access.
The article continues:
In a later stage of the attack, the group has been observed dropping ransomware like RansomHub, Qilin, and DragonForce.
The article continues:
Since Scattered Spider relies on social engineering, organizations should educate employees and internal security teams on impersonation attempts via various channels (SMS, phone calls, messaging platforms) that may sometimes include aggressive language to scare the target into compliance.
It goes in to detail about the recent hacks at Marks and Spenser and other U.K. companies which we’ve talked about in our failing Sans podcast which I want to restart again. I’ve just been behind.
So now we can say that Scattered Spider, or one of their affiliate names breached them.
To read this article in full, please read Hackers switch to targeting U.S. insurance companies and make sure you understand how to protect yourself.
Discover more from Jared's Technology podcast network
Subscribe to get the latest posts sent to your email.