Since Hultquist’s first post on the cybercrime group’s change in industry focus, the U.S. has bombed Iran—raising
some concern that retaliation could include cyberattacks. Even with the increased cyber threat from Iran, Hulquist said the “threat I lose sleep over is Scattered Spider.”
“They are already taking food off shelves and freezing businesses.
The Iranian hackers may not even have Internet access, but these kids are in play right now,” he posted.
Keith Wojcieszek, global head of threat intelligence at Kroll, told Insurance Journal he recently rec
eived some information that one insurer was the victim of phishing, which gained access to the company’s infor
mation technology. The hackers then use the information they
can see to research the company’s hierarchy and fuel social engineering efforts.
Like the retail sector, insurers have a huge amount of valuable personal identifiable information and
financial data for cybercriminals to store, use and sell. Also, insurers have information on insureds, which may be used t
o identify the next targeted industry segment, according to Wojcieszek.
“These attacks may be about money but there could also be a two-prong approach,” he said, explaining that insurers now gather a lot information
Watch More Image Part 2 >>>
on companies in order to insure them. “The network security of each company—[insurers] are so detailed on the c
ybersecurity each company has. What a wealth of knowledge to have to kn
ow how to attack the next company or industry, or develop tools to go in and attack.”
On the positive side, Wojcieszek pointed out, cyber insurance policies have become service contracts so many
insurers already have close relationships with the cybersecurity vendors they offer as part of a cyber insurance product.
“The good news is they (the insurance industry) understand what they need to do and how to address this beca
use they’re doing it every day,” he said. Nevertheless, Wojcieszek suggested a refresh in employee training to thwart potential phishing or social engineering efforts.