## Scattered Spider Cybercrime Group Targets U.S. Insurance Companies
The notorious cybercrime group known as Scattered Spider, previously linked to attacks on British and American retailers, has shifted its focus to targeting major U.S. insurance companies. This warning comes from Google’s Threat Intelligence Group (GTIG), which has identified multiple intrusions in the U.S. bearing the hallmarks of Scattered Spider activity[1][3][4].
### Background on Scattered Spider
Scattered Spider, also known as UNC3944, is an amorphous collective infamous for its sophisticated social engineering tactics, which involve impersonating employees to deceive IT support teams and bypass multi-factor authentication (MFA) through psychological manipulation[3]. Although there were reports of an alliance with the DragonForce ransomware cartel, GTIG has not observed any evidence of collaboration or the use of their ransomware in recent attacks[3].
### Recent Attacks on Insurance Companies
Following a series of ransomware attacks against retailers in both the U.S. and the U.K., Scattered Spider has now turned its attention to the insurance sector. This shift has prompted Google to issue a warning to the industry, emphasizing the need for vigilance, particularly against social engineering schemes targeting help desks and call centers[3][4].
### Impact on Insurance Companies
Several U.S. insurance companies have recently experienced network outages and system disruptions, although it has not been confirmed whether these incidents are directly linked to Scattered Spider’s activities. For instance, Erie Insurance and Philadelphia Insurance Companies have faced significant network disruptions, with Erie Insurance reporting an “information security event” and Philadelphia Insurance Companies confirming unauthorized access to their systems[5].
### Protective Measures
To counter these threats, Google recommends that companies enhance their security measures. This includes training help desk staff to verify callers through methods like camera verification or challenge-and-response questions and implementing stronger authentication methods, such as phishing-resistant multi-factor authentication[5].
### Ongoing Investigations
Erie Insurance and Philadelphia Insurance Companies are working with law enforcement and cybersecurity experts to investigate and contain the threats. Both companies are conducting forensic analyses to fully understand the nature of the incidents and are taking steps to restore customer access[5].
As the insurance industry remains on high alert, the focus is on strengthening defenses against Scattered Spider’s tactics to prevent further disruptions.
