Scattered Spider hackers target insurance industry, testing cybersecurity strategies


Updated: 6/18/25 at 3:25 p.m.

The hacking group known as Scattered Spider has turned its attention to the insurance industry, and insurance carriers in particular. The hackers are believed to be based in the U.S. and U.K., comprising primarily English-speaking teenagers and young adults. Their teams generally target one industry at a time and have previously hacked the British retailers Marks & Spencer, Co-Op and Harrods.

Douglas McKee, executive director, Threat Research at SonicWall, said in a statement, "We're witnessing a troubling strategic escalation—Scattered Spider has shifted its focus from retail to insurance, and their playbook hasn't changed: highly targeted social engineering, MFA fatigue attacks, and call-center exploits. It's a reminder that cyber adversaries operate in waves, sector-by-sector. Insurance firms need to shore up help desk defenses, strengthen authentication workflows, and embed proactive threat-hunting to stay ahead."

Keith Wojcieszek, Kroll's Global Head of Threat Intelligence, concurs. "The insurance sector is facing a sharp rise in social engineering attacks, particularly from groups like Scattered Spider, who use tactics such as vishing, MFA fatigue and impersonating IT help desks to bypass controls," he shared in a statement to Digital Insurance.

The hackers build their social engineering pretexts by monitoring companies' social media accounts, use phishing attacks to gain access to company data, and in some instances leverage that data to circumvent two-factor authentication.

Philadelphia Insurance Companies and Erie Insurance indicated that their systems were compromised by hackers earlier this month, and both companies are still experiencing residual impacts from those attacks.

Wojcieszek offers these recommendations to mitigate the threats. "To counter these threats, insurers must act decisively. First, they should implement phishing-resistant multi-factor authentication across all systems. Second, I recommend enforcing strict identity verification protocols for help desk and call center interactions. Third, it's crucial they invest in continuous, role-specific social engineering awareness training. These steps, while not exhaustive, apply the 80/20 rule in cybersecurity – targeting the most impactful defenses against the most common and damaging attack vectors."
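One defender-side check for the MFA fatigue pattern named above, as an added Python example that is not code from the article, Kroll or SonicWall: it runs over constructed push-notification audit records (the field names and results are assumptions, not any vendor's real schema) and flags a user who receives a burst of prompts, reporting separately the case where an approval follows earlier refusals, which is the signature of a user finally giving in.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample MFA push events (not from the article), one JSON record per
# line, in the style of an identity provider's push-notification audit log.
SAMPLE_LOG = """\
{"ts": "2025-06-10T02:14:05Z", "user": "j.doe", "result": "denied"}
{"ts": "2025-06-10T02:14:40Z", "user": "j.doe", "result": "denied"}
{"ts": "2025-06-10T02:15:12Z", "user": "j.doe", "result": "timeout"}
{"ts": "2025-06-10T02:15:50Z", "user": "j.doe", "result": "denied"}
{"ts": "2025-06-10T02:17:02Z", "user": "j.doe", "result": "approved"}
{"ts": "2025-06-10T08:00:00Z", "user": "a.smith", "result": "approved"}
{"ts": "2025-06-10T09:30:00Z", "user": "m.lee", "result": "denied"}
{"ts": "2025-06-10T10:05:00Z", "user": "m.lee", "result": "approved"}
{"ts": "2025-06-10T11:20:00Z", "user": "m.lee", "result": "denied"}
"""

def parse_events(text):
    """Parse JSON lines into (timestamp, user, result) tuples sorted by time."""
    events = []
    for line in text.strip().splitlines():
        rec = json.loads(line)
        ts = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, rec["user"], rec["result"]))
    return sorted(events)

def find_push_fatigue(events, window=timedelta(minutes=10), threshold=4):
    """Flag users with >= threshold prompts inside one sliding window; note
    whether an approval followed a refusal within that burst ('gave in')."""
    by_user = defaultdict(list)
    for ts, user, result in events:
        by_user[user].append((ts, result))
    alerts = {}
    for user, items in by_user.items():
        best, start = None, 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1  # slide the window forward past stale prompts
            burst = items[start:end + 1]
            if len(burst) < threshold:
                continue
            results = [r for _, r in burst]
            gave_in = any(r == "approved" and {"denied", "timeout"} & set(results[:i])
                          for i, r in enumerate(results))
            if best is None or (len(burst), gave_in) > (best["prompts"], best["approved_after_refusal"]):
                best = {"prompts": len(burst), "approved_after_refusal": gave_in,
                        "first": burst[0][0].isoformat(), "last": burst[-1][0].isoformat()}
        if best:
            alerts[user] = best
    return alerts
```

Widely spaced prompts (m.lee) never fill the window and are not flagged; the threshold and window are tunable assumptions, not published detection thresholds.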

[Infographic: Kroll. The 80/20 rule, illustrated by the difference between having a lock on a door and remembering to engage it so it actually protects against intruders.]

This is a developing story and will be updated as warranted.
