Threat intelligence researchers are warning of hackers breaching multiple U.S. companies in the insurance industry using all the tactics observed with Scattered Spider activity.
Typically, the threat group has a sector-by-sector focus. Previously, they targeted retail organizations in the United Kingdom and then switched to targets in the same sector in the United States.
“Google Threat Intelligence Group is now aware of multiple intrusions in the US which bear all the hallmarks of Scattered Spider activity. We are now seeing incidents in the insurance industry,” John Hultquist, Chief Analyst at Google Threat Intelligence Group (GTIG), told BleepingComputer.
Hultquist warns that because the group approaches one sector at a time, “the insurance industry should be on high alert.”
GTIG’s chief researcher says that companies should pay particular attention to potential social engineering attempts on help desk and call centers.
Scattered Spider tactics
Scattered Spider is the name given to a fluid coalition of threat actors that employ sophisticated social engineering attacks to bypass mature security programs.
The group is also tracked as 0ktapus, UNC3944, Scatter Swine, Starfraud, and Muddled Libra, and has been linked to breaches at multiple high-profile organizations that mixed phishing, SIM-swapping, and MFA fatigue/MFA bombing for initial access.
In a later stage of the attack, the group has been observed dropping ransomware like RansomHub, Qilin, and DragonForce.
Defending against Scattered Spider attacks
... continue reading