Recommended reading

After hitting top retail stores, experts warn this infamous criminal gang is now going after US insurance giants

News
By published

Google says Scattered Spider is shifting its attentions

Abstract image of cyber security in action.
OpenVPN-protokollet - därför är det så bra (Image credit: Shutterstock)
  • Scattered Spider is no longer targeting retailers, Google claims
  • "Multiple" intrusions have been spotted in the US
  • Insurance companies now seem to be in the crosshairs

The notorious Scattered Spider cybercrime gang is apparently stepping away from attacking high-end retailers and has begun targeting insurance organizations in the US, experts have claimed.

Google Threat Intelligence Group (GTIG) cybersecurity researchers claim to have seen multiple attacks, and are now urging organizations to be on the lookout for potential threats.

"Google Threat Intelligence Group is now aware of multiple intrusions in the US which bear all the hallmarks of Scattered Spider activity. We are now seeing incidents in the insurance industry," chief GTIG analyst John Hultquist said in an email shared with TechRadar Pro.

DragonForce

Scattered Spider is a “loosely knit” cybercriminal organization operating within a larger hacking community known as “the Com,” known for targeting one industry at the time.

It recently targeted high-end retailers, mostly in the UK, including Harrods, M&S and the Co-op, and has also engaged with US companies, going for social engineering, SIM-swapping, and ransomware.

"Given this actor's history of focusing on a sector at a time, the insurance industry should be on high alert, especially for social engineering schemes, which target their help desks and call centers," Hultquist stressed.

Although Google did not discuss who the victims are, The Register says two US-based companies recently reported suffering a cyberattack: Erie Insurance, and Philadelphia Insurance Company. Neither confirmed the incidents were the work of Scattered Spider, but the news aligned suspiciously well.

The publication also says the crooks usually start their attacks with fake helpdesk calls, after which they trick the victims into granting access to their devices, which is later used to deploy the DragonForce ransomware encryptor.

There are multiple ways to defend against ransomware attacks, but the best one is to raise employee awareness about phishing and social engineering, since most attacks abuse people, rather than systems.

Via The Register

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.