Cybercriminals have successfully breached the systems of insurance giant Aflac, raising serious concerns about the potential theft of sensitive information including Social Security numbers, insurance claims, and health information. This alarming incident was reported on Friday and represents the latest in a series of cyberattacks targeting the insurance sector, which has left the industry on high alert. With billions in annual revenue and a customer base numbering in the tens of millions, Aflac has emerged as the largest victim in the ongoing wave of digital assaults affecting US insurance companies. The situation has prompted both the FBI and private cybersecurity experts to intensify their efforts to manage the fallout.
In addition to Aflac, two other companies, Erie Insurance and Philadelphia Insurance Companies, have also reported significant hacks this month. These breaches have led to widespread disruptions in the IT systems that are essential for serving customers. According to sources familiar with the ongoing investigation, all three incidents align with the tactics employed by a notorious cybercrime group known as Scattered Spider.
Aflac stated that the attack was executed by a sophisticated cybercrime group, although it did not specifically name Scattered Spider in its official statement. The company reported that it was able to stop the intrusion within hours of detection and confirmed that no ransomware was deployed during the attack. Despite these reassurances, Aflac acknowledged that it is still too early to determine the extent of the information that may have been compromised. Given the scale of Aflac's operations, the potential exposure of customer data could be immense.
Aflac revealed that the hackers employed a technique known as social engineering to gain unauthorized access to its network. This method often involves tricking individuals into sharing security information that can facilitate network infiltration. Scattered Spider is particularly notorious for using this tactic, frequently posing as tech support to manipulate employees within large corporations.
This cybercriminal group is recognized as both dangerous and unpredictable, primarily because its members are believed to be young individuals based in the US and UK who are known for their aggressive extortion tactics. Scattered Spider gained notoriety in September 2023 when it was linked to high-profile multimillion-dollar hacks of renowned Las Vegas casinos and hotels, including MGM Resorts and Caesars Entertainment.
The methods employed by Scattered Spider, along with their tendency to target multiple sectors simultaneously, have cybersecurity professionals urging companies to remain vigilant against suspicious communications directed at their employees. In light of their rapid attack capabilities, former FBI official Cynthia Kaiser warned, “If Scattered Spider is targeting your industry, get help immediately. They can execute their full attacks in hours, while most other ransomware groups take days.”
According to cybersecurity firm Halcyon, Scattered Spider often registers deceptive web domains that closely resemble the trusted help desk sites used by corporations for IT support. As global tensions rise, particularly regarding Iranian cyber capabilities amid the ongoing Israel-Iran conflict, experts like John Hultquist from Google’s Threat Intelligence Group emphasize that their primary concern lies with Scattered Spider. “They are already taking food off shelves and freezing businesses,” he noted, highlighting the immediate threat posed by this group.