Scattered Spider, a teenage-led (mainly UK and US-based) hacking group, has begun targeting insurance companies, sparking fresh warnings from cyber security experts.
Google’s Threat Intelligence Group (GTIG) confirmed multiple US insurance firms have recently suffered attacks matching Scattered Spider’s methods. Known for breaching major retailers like M&S, Co-Op and Tiffany, the group uses tactics such as phishing, SIM-swapping, and MFA fatigue. These tactics enable Scattered Spider members to bypass identity checks and helpdesk protocols.

Two incidents in early June, affecting Philadelphia Insurance and Erie Insurance, show the threat is real and growing. GTIG warned that the group tends to focus on one sector at a time. Insurance firms are now clearly in its sights and experts believe UK providers could be next.
Unlike ransomware gangs, Scattered Spider relies on social engineering to move fast and exploit human error. “They don’t need advanced exploits,” said Jon Abbott, CEO of ThreatAware. “They get in by tricking people – not by breaking software.”
To stay safe, insurers and other businesses should strengthen helpdesk verification, use phishing-resistant MFA, and monitor for unusual login activity. Above all, building a culture of cybersecurity awareness is essential to stop attackers in their tracks.
To make sure your employees do not fall for phishing emails or social engineering attacks, we have just the thing: KnowBe4. This mature, effective security awareness training programme is simple to deploy. Furthermore, the managed service gives you effective reporting, enabling you to target training where it’s most needed.
To request a KnowBe4 demo, or to arrange a meeting with one of our cybersecurity experts, give us a call now on 01535 358161, or drop us an email via our Contact page.
For more info about cybersecurity, check out the National Cyber Security Centre’s website.