Scattered Spider hits US insurance sector with cyberattacks

June 19, 2025

Scattered Spider, a well-known cybercrime group, has begun targeting the US insurance industry in a new wave of attacks, according to a recent warning from Google’s Threat Intelligence Group.

Previously focused on major UK retailers, including Co-op, Harrods and Marks & Spencer, Scattered Spider appears to have shifted its attention to insurance companies in the United States. The group, also known as UNC3944, is known for using highly deceptive social engineering tactics to gain access to internal systems.

John Hultquist, chief analyst at Google’s Threat Intelligence Group, cautioned that insurance firms should be on high alert. He explained that the group typically concentrates on one sector at a time and warned of schemes that often involve targeting help desks and call centres. These entry points are commonly exploited through phone-based manipulation, allowing attackers to bypass standard security measures.

Scattered Spider has been active for several years, although its operations have occasionally gone quiet, often following law enforcement actions. However, the group is now believed to be operating at full strength once again, with its current methods focused on ransomware attacks and data theft with the goal of extortion.

While researchers did not name specific insurance companies affected in this latest campaign, one possible target is Erie Insurance, a Pennsylvania-based provider that reported a cybersecurity breach on 7 June. The company has been releasing updates about the incident, but the identity of the attackers has not yet been confirmed.

Experts have urged businesses in the insurance sector to take precautionary measures and referred them to previously published guidance on how to defend against tactics used by Scattered Spider. This guidance includes reviewing internal verification procedures, training staff to detect social engineering attempts, and strengthening cybersecurity defences.

The move from retail to insurance highlights Scattered Spider’s pattern of targeting one industry at a time. Their approach relies heavily on human error, making employee awareness and robust support protocols especially important in reducing risk.

As cyberattacks continue to grow in scale and complexity, organisations across all sectors are being reminded of the importance of early detection and strong security practices. For the insurance industry, the warning makes clear that it is now a primary target of Scattered Spider’s latest campaign.
