Hackers switch to targeting US insurance companies

Threat intelligence researchers are warning of hackers breaching multiple US companies in the insurance industry using all the tactics observed with Scattered Spider
activity.

Typically, the threat group has a sector-by-sector focus. Previously, they targeted retail organizations in the United Kingdom and then switched to targets in the same sector in the United States.

"Google Threat Intelligence Group is now aware of multiple intrusions in the US which bear all the hallmarks of Scattered Spider activity. We are now seeing incidents in the insurance industry," John Hultquist, Chief Analyst at Google Threat Intelligence Group (GTIG), told BleepingComputer.

Hultquist warns that because the group approaches one sector at a time, the insurance industry should be on high alert.

GTIG's chief researcher says that companies should pay particular attention to potential social engineering attempts on help desks and call centers.

Just this month, two insurance companies disclosed that their systems were impacted by cyberattacks.

Philadelphia Insurance Companies (PHLY) announced that on June 9 it discovered unauthorized access on its network and disconnected the affected systems to stop the attack from spreading.

The outage continues, as the company's website still shows the outage notification.

Erie Insurance also suffered business disruptions that started on June 7. A few days later, the company reported in a filing with the US Securities and Exchange Commission that the outage was caused by unusual network activity, which prompted an immediate protection response for systems and data.

Scattered Spider is the name given to a fluid coalition of threat actors that employ sophisticated social engineering attacks to bypass mature security programs.

The group is also tracked as 0ktapus, UNC3944, Scatter Swine, Starfraud, and Muddled Libra, and has been linked to breaches at multiple high-profile organizations that mixed phishing, SIM-swapping, and MFA fatigue/MFA bombing for initial access.

In a later stage of the attack, the group has been observed dropping ransomware like RansomHub, Qilin, and DragonForce.

Organizations defending against this type of threat actor should start
with gaining complete visibility across the entire infrastructure, identity systems, and critical management services.

GTIG recommends segregating identities and using strong authentication criteria along with rigorous identity controls for password resets and MFA registration.

Since Scattered Spider relies on social engineering, organizations should educate employees and internal security teams on impersonation attempts via various channels (SMS, phone calls, messaging platforms) that may sometimes include aggressive language to scare the target into compliance.

After hackers breached Marks & Spencer, Co-op, and Harrods retailers in the UK this year, the country's National Cyber Security Centre (NCSC) shared tips for organizations to improve their cybersecurity defenses.

In all three attacks, the threat actor used the same social engineering tactics associated with Scattered Spider and dropped DragonForce ransomware in the final stage.

NCSC's recommendations include activating two-factor or multi-factor authentication, monitoring for unauthorized logins, and checking if access to Domain Admin, Enterprise Admin, and Cloud Admin accounts is legitimate.

Additionally, the UK agency advises that organizations review how the helpdesk service authenticates credentials before resetting them, especially for employees with elevated privileges.

The ability to identify logins from unusual sources (e.g. VPN services from residential ranges) could also help identify a potential attack.

Update, June 17: Added information about cyberattacks on two insurance companies in the United States.
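
The GTIG and NCSC guidance above (scrutinize password resets and MFA registration, watch privileged accounts, flag logins from unusual sources) can be combined into a single correlation rule. The following is an added example, not code from the article, GTIG or NCSC; the event schema, account names, baseline networks and 60-minute window are constructed assumptions.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumptions (all constructed for this example): the event schema, the account
# names, the baseline networks and the 60-minute correlation window.
PRIVILEGED = {"da-alice", "cloudadmin-bob"}   # Domain/Enterprise/Cloud Admin accounts
BASELINE = {                                   # networks each account normally logs in from
    "da-alice": [ip_network("10.20.0.0/16")],
    "cloudadmin-bob": [ip_network("10.30.0.0/16")],
    "carol": [ip_network("10.40.0.0/16")],
}
WINDOW = timedelta(minutes=60)
CRED_CHANGES = {"password_reset", "mfa_register"}

EVENTS = [  # constructed sample identity log: (time, user, action, source IP)
    ("2025-06-17T09:00:00", "carol", "password_reset", "10.40.1.5"),
    ("2025-06-17T09:05:00", "carol", "login", "10.40.1.5"),
    ("2025-06-17T10:00:00", "da-alice", "password_reset", "10.1.1.10"),
    ("2025-06-17T10:04:00", "da-alice", "mfa_register", "203.0.113.77"),
    ("2025-06-17T10:06:00", "da-alice", "login", "203.0.113.77"),
    ("2025-06-17T11:00:00", "cloudadmin-bob", "login", "10.30.2.9"),
    ("2025-06-17T15:00:00", "cloudadmin-bob", "login", "198.51.100.4"),
]

def unusual_source(user, ip):
    """True when the IP is outside every network in the user's baseline."""
    return not any(ip_address(ip) in net for net in BASELINE.get(user, []))

def detect(events):
    """Return alerts as (user, time, reason) tuples, ordered by event time."""
    alerts, recent_changes = [], {}
    for ts, user, action, ip in sorted(events):
        when = datetime.fromisoformat(ts)
        if action in CRED_CHANGES:
            # Remember resets and MFA enrolments so later logins can be correlated.
            recent_changes.setdefault(user, []).append((when, action))
            continue
        if action != "login" or not unusual_source(user, ip):
            continue
        changes = [a for t, a in recent_changes.get(user, []) if when - t <= WINDOW]
        if changes:
            sev = "high" if user in PRIVILEGED else "medium"
            alerts.append((user, ts, f"{sev}: unusual-source login after {'+'.join(changes)}"))
        elif user in PRIVILEGED:
            alerts.append((user, ts, "review: privileged login from unusual source"))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

In production the baseline would come from historical sign-in data or an IP reputation feed rather than a static table.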