Google’s Threat Intelligence Group has issued a warning that the cybercriminal group Scattered Spider has shifted its focus from retail to the insurance sector, raising concerns about ransomware and data theft extortion.
Scattered Spider’s History and Recent Activity
Tracked by Google and Mandiant as UNC3944, Scattered Spider has operated for several years, occasionally pausing its activities due to law enforcement actions. However, the group is now highly active again, using sophisticated social engineering tactics to infiltrate organizations.
Previously, Scattered Spider was linked to cyberattacks on major UK retailers, including Co-op, Harrods, and Marks & Spencer, as well as a potentially affiliated ransomware group named DragonForce. Google later warned that the group had turned its attention to U.S. retailers before now targeting insurance companies.
Insurance Industry at High Risk
John Hultquist, Chief Analyst at Google Threat Intelligence Group, cautioned that the insurance industry should be on high alert, particularly for social engineering schemes targeting help desks and call centers.
While Google has not disclosed specific details about the latest attacks, it has referred organizations to guidance published last month on defending against Scattered Spider’s tactics.
Potential Victims and Ongoing Investigations
One possible victim is Erie Insurance, a Pennsylvania-based insurance company that detected a cybersecurity breach on June 7. Erie has been providing updates on the incident, but the identity of the attackers remains unclear.
For more details, visit SecurityWeek.
