Aflac Breach Alert – DataBreachToday

Cybercrime, Data Breach Notification, Data Security

Experts Suspect Scattered Spider Is Behind Recent Attacks on Insurers

Aflac: 'Cybercrime Campaign' Targets Insurance Industry

Aflac, the largest provider of supplemental health insurance in the U.S., has reported that it is the latest victim of a coordinated cyber campaign aimed at the insurance sector. Cybersecurity experts suggest that these attacks may be linked to a specific cybercrime group, Scattered Spider, which has been increasingly targeting firms in this industry.

In an official U.S. Securities and Exchange Commission filing and subsequent public statement, Aflac explained that the intrusion occurred on June 12. The company emphasized that while ransomware was not employed during the breach, there is a possibility that sensitive data was compromised. Experts have noted the characteristics of this attack align closely with tactics previously used by Scattered Spider.

According to Zach Edwards, a threat researcher at Silent Push, recent incidents involving Aflac and other Pennsylvania-based insurers exhibit significant similarities to previous attacks attributed to Scattered Spider. “There are credible indications that they have once again focused their efforts on the insurance industry, which was last subjected to a wave of attacks impacting at least a dozen companies,” Edwards remarked.

This disclosure follows assaults on other major U.S. insurers, including Erie Indemnity Company and Philadelphia Insurance Companies, both of which are also working to recover from significant IT outages. Similar to Aflac, these companies reported that their incidents involved no ransomware encryption.

While the specific groups responsible for the attacks have not been officially named, expert assessments point toward Scattered Spider due to overlapping attack patterns. In addition to the insurance sector, this group is also believed to have targeted prominent retailers in the U.K., utilizing advanced evasion tactics during its operations.

Scattered Spider is known for targeting organizations that hold high-value data and have a low tolerance for downtime. Its methods combine social engineering with sophisticated phishing to gain initial access. MITRE ATT&CK tactics potentially involved in these attacks include “Initial Access” through social engineering, “Persistence” via compromised credentials, and “Privilege Escalation,” which lets attackers explore further within the network.

Aflac stated that it acted quickly upon discovering suspicious network activity, initiating cybersecurity response protocols that reportedly halted the intrusion promptly. However, the company is conducting a thorough review to assess the extent of the breach and to determine which data might have been affected. The files potentially affected include claims data, personal health information, Social Security numbers, and other sensitive customer details.

In response to the incident, Aflac is offering impacted individuals free credit monitoring and identity theft protection services for 24 months. As the company continues to evaluate the situation, it has urged individuals to remain vigilant for potential security threats related to their personal data.

While Aflac has not disclosed the number of individuals impacted, it has stressed the importance of transparent communication with its stakeholders about the situation. As the investigation remains in its early stages, experts advise that all firms within the insurance sector should review their cybersecurity strategies and consider the implications of being among the targets of sophisticated cybercrime organizations.
