Recent analysis has identified the cybercrime group Scattered Spider as a principal suspect in a series of cyberattacks targeting the U.S. insurance industry. Peter McMurtrie of West Monroe, a consulting firm, stated that threat actors associated with this group are probably still present within the IT environments of various insurers, indicating an ongoing risk to the sector.
McMurtrie highlighted one of the tactics employed by Scattered Spider: the group often obtains the actual identities of employees within an organization and uses them to gain access. This method complicates detection and creates challenges in defending against such breaches. According to McMurtrie, the group may choose to acquire sensitive information without immediately exploiting it, opting instead to retain the data for potential use in the future.
This strategy introduces a unique threat: an incident can go undetected because no active malicious actions are taking place at that moment, while the acquired information remains available to be leveraged later. This raises significant concerns for organizations in the industry. McMurtrie emphasized the unsettling nature of this dormant risk.
Recent investigations have linked potential data exfiltration incidents to insurers, including Aflac, Erie Insurance, and Philadelphia Insurance Companies, all attributed to activities of Scattered Spider. McMurtrie expressed his concerns that there may be additional incidents that have yet to come to light, suggesting that the scale of these attacks could be much larger than currently understood.
During a recent interview, McMurtrie addressed several key topics relevant to cybersecurity in the insurance sector. These include the reasons cybercriminals are increasingly targeting insurance companies, essential preventive and responsive measures to incidents, and the implications of agentic artificial intelligence in the industry, particularly its associated risks.
As a partner in the insurance practice at West Monroe, McMurtrie brings over 30 years of extensive experience across various domains of insurance. His career has encompassed a broad array of sectors, ranging from personal and commercial insurance to ancillary lines including health, pet, travel, and medical stop-loss products. Previously, he held the position of president of property and casualty commercial insurance at Nationwide Insurance.
With regard to the MITRE ATT&CK framework, initial access, persistence, and privilege escalation stand out as the tactics likely employed by cyber adversaries in these incidents. The use of these methods illustrates the sophisticated nature of the threats facing the insurance industry, as firms must remain vigilant against a backdrop of evolving cyber risks.
As the cybersecurity landscape becomes increasingly complex, business owners in the insurance sector must stay informed and proactive in their defense strategies to mitigate the risks posed by such skilled adversaries. Understanding the nature of attacks and the methods employed by groups like Scattered Spider is critical for enhancing organizational resilience against future breaches.