Cybersecurity Today: Episode Summary
Title: Cybersecurity News Roundup: Book Deals, Retail Attacks, Apple Spyware Alerts, and More
Host: Jim Love
Release Date: May 2, 2025
1. Major Cyber Attacks Target UK Retail Giants
In this episode, Jim Love discusses a significant cyber onslaught targeting two of the United Kingdom's largest retailers: Co-op and Marks & Spencer (M&S).
Co-op Under Siege
The Co-op, a vast British cooperative operating over 2,400 stores, experienced a severe cyber attack that led to a company-wide security lockdown. This measure was taken as a precautionary response to potential internal threats.
- Jim Love [02:15]: "The Co-op has triggered a company-wide security lockdown following a cyber attack."
Key security protocols implemented include:
- Mandatory camera use during video calls to verify participants and prevent unauthorized access.
- Disabling VPN access from home, requiring employees to access core systems only from Co-op locations.
Marks & Spencer Faces Ransomware Breach
Simultaneously, M&S is grappling with a ransomware breach that has escalated to a full-blown crisis under police investigation. The attack has disrupted operations, leading to empty store shelves and the suspension of job advertisements on their website.
- Jim Love [04:05]: "Marks and Spencer's is dealing with a full-blown ransomware breach now under police investigation."
The breach is attributed to the Scattered Spider group, notorious for previous high-profile attacks on MGM Resorts and Transport for London. The UK's National Cyber Security Centre has issued warnings to other retailers, although no direct targeting of the sector has been confirmed yet.
Expert Insights
Jen Ellis, a security consultant, shared with the BBC that the Co-op fears hackers might have already infiltrated their systems, necessitating stringent security measures to maintain operational integrity.
- Jen Ellis [03:20]: "Keeping cameras on during conference calls ensures that everyone is really who they claim to be."
2. Apple Announces Spyware Alerts Across 100 Countries
Apple has taken a proactive stance against sophisticated spyware attacks by notifying iPhone users in 100 countries about targeted mercenary spyware attempts.
Details of the Alert
The threat notifications inform users that their devices are being targeted for espionage based on their identity or occupation. Notable individuals, such as Italian journalist Ciro Pellegrino and Dutch commentator Eva Vlaardingerbroek, have publicly acknowledged receiving these alerts.
- Jim Love [06:45]: "Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise your iPhone."
Apple's Response Mechanism
Apple's advisory outlines two primary methods of alerting users:
- A threat notification displayed upon signing into account.apple.com.
- An email and iMessage notification sent to the user's registered contact information.
Protective Measures Recommended by Apple
Users are advised to:
- Enable Lockdown Mode.
- Avoid clicking on suspicious links or installing unverified apps.
- Seek expert advice from resources like AccessNow's digital security helpline.
- Apple Advisory [08:30]: "Our staff will never ask you to click on links, install apps, or provide any information over the phone to verify that a warning is genuine."
Apple has been issuing these alerts since 2021, with over 150 countries now receiving notifications about potential spyware threats.
3. Malicious WordPress Plugin Injects Backdoors
A new malicious WordPress plugin, disguised as a legitimate security tool, has been identified as part of a broader malware campaign targeting WordPress websites.
Mechanism of Attack
The plugin, named wpantimalwarybot.php, allows attackers to:
- Maintain persistent access.
- Execute remote code.
- Inject malicious JavaScript into site pages.
It operates stealthily by hiding itself from the plugin dashboard and can reactivate itself if deleted, by modifying the core wp-cron.php file.
- Jim Love [11:10]: "The plugin registers an unauthenticated custom REST API route, allowing attackers to insert arbitrary PHP code into active theme files."
Origins and Similarities to Past Attacks
The command and control server is located in Cyprus, and the campaign bears resemblance to a supply chain attack from July 2024.
Protective Recommendations for Administrators
WordPress site owners are advised to:
- Inspect wp-cron.php and theme files such as header.php for unauthorized changes.
- Monitor access logs for suspicious activities.
- Regularly update all plugins and themes.
- Implement strong authentication measures, including two-factor authentication.
- Utilize reputable security plugins and services to scan for vulnerabilities.
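Two of the checks above, the review for unauthenticated REST routes and the comparison of wp-cron.php and header.php against known-good hashes, carried out over a constructed sample site. This is an added illustration, not code from the episode or from any WordPress project; the file paths, plugin names and hashes are all constructed for the example.

```python
import hashlib
import re
# Constructed sample site (not real files): a plugin registering an unauthenticated REST
# route, a benign plugin, and a wp-cron.php with an extra include as the episode describes.
CLEAN_WP_CRON = "<?php\n// constructed stand-in for the core file\n"
CLEAN_HEADER = "<head><title>site</title></head>\n"
SITE = {
    "wp-content/plugins/bad/bad.php": """<?php
add_action('rest_api_init', function () {
    register_rest_route('bad/v1', '/run', ['methods' => 'POST',
        'callback' => 'bad_run', 'permission_callback' => '__return_true']);
});""",
    "wp-content/plugins/good/good.php": """<?php
add_action('rest_api_init', function () {
    register_rest_route('good/v1', '/status', ['methods' => 'GET', 'callback' => 'good_status',
        'permission_callback' => function () { return current_user_can('manage_options'); }]);
});""",
    "wp-cron.php": CLEAN_WP_CRON + "include 'wp-content/plugins/bad/bad.php';\n",
    "wp-content/themes/t/header.php": CLEAN_HEADER,
}
def sha256(text): return hashlib.sha256(text.encode()).hexdigest()
BASELINE = {"wp-cron.php": sha256(CLEAN_WP_CRON),          # known-good hashes an admin
            "wp-content/themes/t/header.php": sha256(CLEAN_HEADER)}  # records after a clean install

def _balanced_args(src, open_idx):
    """Text inside the parentheses opening at src[open_idx] (parens in strings not handled)."""
    depth = 0
    for i in range(open_idx, len(src)):
        depth += {"(": 1, ")": -1}.get(src[i], 0)
        if depth == 0:
            return src[open_idx + 1:i]
    return src[open_idx + 1:]

def find_open_rest_routes(src):
    """Routes registered with no permission_callback, or with __return_true (open to anyone)."""
    findings = []
    for m in re.finditer(r"register_rest_route\s*\(", src):
        args = _balanced_args(src, m.end() - 1)
        strs = re.findall(r"['\"]([^'\"]*)['\"]", args)  # namespace and route come first
        route = strs[0] + strs[1] if len(strs) >= 2 else "?"
        if "permission_callback" not in args:
            findings.append((route, "no permission_callback"))
        elif re.search(r"permission_callback\W+__return_true", args):
            findings.append((route, "permission_callback is __return_true"))
    return findings
def scan_site(files, baseline):
    """Review every file for open routes and compare the baseline files by hash."""
    open_routes = [(p, *f) for p, src in files.items() for f in find_open_rest_routes(src)]
    modified = [p for p, h in baseline.items() if sha256(files.get(p, "")) != h]
    return {"open_routes": open_routes, "modified_files": modified}
```

Run against a real install, the same two functions would be fed the contents of the plugin directory and a hash baseline recorded right after a clean update; any open route or hash mismatch is a lead to investigate, not proof of compromise.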
4. Cybersecurity Community Supports Chris Krebs Amid Investigation
A coalition of cybersecurity professionals and organizations, including the Electronic Frontier Foundation, has released an open letter defending Chris Krebs, the former Director of the Cybersecurity and Infrastructure Security Agency (CISA).
Allegations Against Krebs
President Donald Trump has initiated a criminal investigation into Krebs, accusing him of:
- Abusing his role at CISA to conceal election rigging evidence.
- Colluding with social media companies to suppress dissent during the COVID-19 pandemic.
These allegations led to Krebs' dismissal in 2020 and the subsequent revocation of his and his company's security clearances and Global Entry privileges.
- Jim Love [16:50]: "By placing Krebs and SentinelOne in the crosshairs, the president is signaling that cybersecurity professionals...risk having their businesses and livelihoods subjected to spurious and retaliatory targeting."
Community's Response
The open letter argues that targeting Krebs undermines national security and the integrity of the cybersecurity profession. It emphasizes the necessity of an independent infosec community to protect democracy and ensure unbiased reporting on security systems.
- Open Letter [18:30]: "An independent infosec community is fundamental to protecting our democracy and to the profession itself."
Despite the letter's support, major security companies have not publicly endorsed it, raising concerns about the potential silencing of objective advisors within the US Government.
- Jim Love [21:10]: "The motto of the Washington Post, itself criticized for knuckling under to government pressure, was Democracy dies in darkness. Potentially, so does cybersecurity."
Conclusion
This episode of Cybersecurity Today provides a comprehensive overview of recent significant cyber threats and industry responses. From the challenges faced by major UK retailers to Apple's vigilant stance against spyware, and from the emergence of malicious WordPress plugins to the cybersecurity community's defense of a key figure under investigation, host Jim Love effectively highlights the dynamic and often perilous landscape of cybersecurity.
For more in-depth discussions and updates, listeners are encouraged to stay tuned to future episodes.
