农夫导航

Watch out, insurance industry. A well-known cybercrime group appears to have shifted focus to insurers.

Apparently, recent cybersecurity incidents at Erie 农夫导航, Philadelphia 农夫导航 Cos., and most recently Aflac are indicative of a trend. The largely decentralized hacking group known as Scattered Spider have pivoted from retailers to insurance companies, according to Google Threat Intelligence Group.

“Actors that bear the hallmarks of Scattered Spider are now targeting the insurance industry,” John Hultquist, chief analyst at Google’s Mandiant, . “They have a habit of working their way through a sector. 农夫导航 companies should be on the lookout for social engineering schemes targeting their call centers.”

Scattered Spider, partnering with ransomware-as-a-service group DragonForce, had in recent months been concentrating on the retail sector in the U.S. and U.K., causing havoc to Whole Foods supplier United Natural Foods, Marks & Spencer, Co-op, Adidas, The North Face, Cartier, and Victoria’s Secret, among others.

Since Hultquist’s first post on the cybercrime group’s change in industry focus, the U.S. has bombed Iran鈥攔aising some concern that retaliation could include cyberattacks. Even with the increased cyber threat from Iran, Hulquist said the “threat I lose sleep over is Scattered Spider.”

“They are already taking food off shelves and freezing businesses. The Iranian hackers may not even have Internet access, but these kids are in play right now,” .

Keith Wojcieszek, global head of threat intelligence at Kroll, told 农夫导航 Journal he recently received some information that one insurer was the victim of phishing, which gained access to the company’s information technology. The hackers then use the information they can see to research the company’s hierarchy and fuel social engineering efforts.

Like the retail sector, insurers have a huge amount of valuable personal identifiable information and financial data for cybercriminals to store, use and sell. Also, insurers have information on insureds, which may be used to identify the next targeted industry segment, according to Wojcieszek.

“These attacks may be about money but there could also be a two-prong approach,” he said, explaining that insurers now gather a lot information on companies in order to insure them. “The network security of each company鈥擺insurers] are so detailed on the cybersecurity each company has. What a wealth of knowledge to have to know how to attack the next company or industry, or develop tools to go in and attack.”

On the positive side, Wojcieszek pointed out, cyber insurance policies have become service contracts so many insurers already have close relationships with the cybersecurity vendors they offer as part of a cyber insurance product.

“The good news is they (the insurance industry) understand what they need to do and how to address this because they’re doing it every day,” he said. Nevertheless, Wojcieszek suggested a refresh in employee training to thwart potential phishing or social engineering efforts.

Topics Trends Cyber