Particle.news

Scattered Spider Shifts Focus to US Insurers

Following simultaneous outages at major insurers, Google’s warning urges stronger authentication measures coupled with employee training to counter social engineering.

Overview

  • Google Threat Intelligence Group has issued a high alert after detecting multiple intrusions in the US insurance sector that match Scattered Spider’s tactics.
  • Erie Insurance reported a network outage beginning June 8 after spotting unusual activity on June 7 and is conducting forensic analysis with leading cybersecurity experts.
  • Philadelphia Insurance Companies identified unauthorized access on June 9, disconnected affected systems to contain the breach and has notified law enforcement for an ongoing investigation.
  • Scattered Spider employs sophisticated social engineering methods—phishing, SIM-swapping and MFA fatigue—for initial access and has been observed deploying ransomware variants like RansomHub, Qilin and DragonForce.
  • Google recommends insurers achieve full infrastructure visibility, enforce phishing-resistant multi-factor authentication and train help-desk staff to verify callers and spot impersonation attempts.