By James Thaler

June 16 - (The Insurer) - The insurance industry “should be on high alert” for attacks by Scattered Spider, a senior Google analyst said on Monday, naming a threat actor that sources have told Cyber Risk Insurer is likely to be behind outages at Philadelphia Insurance Companies (PHLY) and Erie Indemnity,

"Google Threat Intelligence Group is now aware of multiple intrusions in the US which bear all the hallmarks of Scattered Spider activity,” said John Hultquist, chief analyst within the group at Alphabet's Google.

“We are now seeing incidents in the insurance industry. Given this actor's history of focusing on a sector at a time, the insurance industry should be on high alert, especially for social engineering schemes which target their help desks and call centers,” Hultquist added in an emailed statement.

Cyber Risk Insurer was the first to report last week that PHLY had suffered a major ransomware attack beginning on June 9, with Scattered Spider identified by sources as behind the outage.

Scattered Spider is a term used by cybersecurity industry experts to track activities linked to a set of hacking tactics, techniques and procedures, particularly sophisticated social engineering

PHLY is still in the process of getting staff back online from an outage that has now extended into its second week.

Earlier on Monday, Cyber Risk Insurer reported that PHLY is in the midst of a forensic investigation and has also been in contact with law enforcement, after discovering unauthorized activity within its network last week.

PHLY said it responded by “proactively” disconnecting affected systems, acknowledging an outage that has affected phone and e-mail systems and online applications.

“We acknowledge the frustration and inconvenience this may have caused our customers, agents, brokers, and valued partners,” the company said.

“We fully understand how much you rely on our company, and we take that responsibility very seriously,” it added.

“Our teams have been working around the clock to resolve this issue as quickly as possible. While a return to full business operations will take time, our priority remains clear: to deliver the reliable service, responsiveness, and partnership you’ve come to expect from our company.”

PHLY started bringing staff back to a number of its offices gradually on Friday, focusing on locations that have IT personnel locally and asking staff to connect to the network via ethernet cables rather than WiFi.

Work continued over the weekend to get staff back online, which has included authenticating employees and setting up new passwords.