By Edward Carron

July 7 - (The Insurer) - Manufacturing, education, IT and retail are the sectors most vulnerable to cyber attacks by Scattered Spider, with 287 large companies at high risk, a report by cyber risk analytics firm CyberCube said on Friday.

Scattered Spider, a rapidly evolving extortion group first identified in 2022, has intensified its attacks across diverse industries in recent months using sophisticated social engineering tactics.

CyberCube's analysis reveals significant vulnerabilities across sectors and among large companies.

The report analysed a portfolio of approximately 15,000 companies, focusing on eight key global markets: the U.S., UK, Canada, Australia, Germany, France, Japan and Singapore.

The analysis found that 287 companies with more than $500 million in revenue, 2% of the cohort, are at the highest risk of being targeted by Scattered Spider.

These high-risk companies employ three or more technologies frequently targeted by Scattered Spider, have had security lapses that the group is known to exploit and also tolerate security conditions that may allow the threat actor to complete critical steps in the attack lifecycle, CyberCube said.

Medium-risk companies, comprising 7% of companies with more than $500 million in revenue, show partial vulnerabilities to Scattered Spider's tactics.

Scattered Spider uses sophisticated social engineering techniques to attack large companies such as Twilio and Coinbase in 2022 and Reddit in 2023, as well as casino companies Caesars and MGM.

The group has hit 11 targets in 2025 to date, initially targeting retailers Victoria's Secret, Marks & Spencer, Co-op Group and Harrods, before moving on to insurers Erie, Aflac and Tokio Marine Group.

Scattered Spider has recently attacked several airlines, including Hawaiian Airlines, West Jet and Australian flag carrier Qantas.

Erie Insurance has been hit with two lawsuits and Aflac with a proposed class action from employees and customers who said that the companies failed to secure their information in June data breaches following the Scattered Spider ransomware attacks.

First reported by The Insurer, Tokio Marine-owned PHLY was attacked on June 9 and it was first reported by The Insurer on June 12 that Scattered Spider was the suspected culprit. First Insurance Company of Hawaii (FICOH) and Tokio Marine North America (TMA) were also compromised in the attack. Tokio Marine Group said on Tuesday that PHLY, FICOH and TMA have now fully restored their systems.

Cyber Risk Insurer reported on June 17 that PHLY was offering flat renewal rates applied against exposure change on policies renewing through June 20 due to the disruption caused by its IT systems outage.