The CyberWire intends to publish on schedule during the coronavirus emergency. Stay healthy and, as always, please stay in touch.

Time changes everything –so does the cloud. Yet, even as the cloud unlocks potential it opens the door to threats. McAfee designs security natively in the cloud, for the cloud. To protect the latest, like containers. To empower your change-makers, like developers. And to enable business accelerators, like your teams. Cloud security that accelerates business, it’s about time. Visit McAfee.com/time.
WildPressure threatens ICS. WHO sustained an attack by DarkHotel. Ransomware gangs continue to hit medical targets.
As FireEye and others warn of the proliferation of commodity industrial control system attack tools, Kaspersky summarizes the activity of "WildPressure," a hitherto unknown advanced persistent threat active against industrial targets in the Middle East. Kaspersky doesn't attribute WildPressure to any nation-state, but it notes that the group distributes a C++ Trojan researchers call "Milum." It's unclear whether WildPressure's goals extend farther than espionage.
The World Health Organization has disclosed, Reuters reports, that it was subjected to cyberattack by the DarkHotel group. The attackers, who were after credentials, were detected "around" March 13th, and the WHO says the attack was unsuccessful. It's not clear whom DarkHotel works for, but they have a long record of cyber espionage, mostly against Russian and East Asian targets, but hitting many other countries as well.
Remember when the Maze, DoppelPaymer and Netwalker ransomware gangs told BleepingComputer that healthcare targets were off limits? The truth changes. L'Express says that CERT-FR reported that Paris hospitals sustained an inconvenient but unsuccessful ransomware attack Sunday. The strain used against the Parisian targets hasn't been specified, but in another case it has. Forbes reports that Hammersmith Medicines Research, a British firm standing by to help test any COVID-19 vaccines that may be developed, was the target of a Maze ransomware attack on March 14th. That's before Maze promised good behavior on March 18th, but on the other hand that good behavior doesn't extend to helping with decryption or relaxing extortion demands. The Maze gang has continued to demand payment.
Today's issue includes events affecting Australia, China, European Union, France, Russia, United Nations, and United States.
Bring your own context.
Unfortunately, there are too many apps out there that exceed the permissions users grant them.
"When you download an app, the permission requests and privacy policy are usually the only warnings you get about the data that it's collecting. Usually, you just have to take the app's word that it's grabbing only the data you've agreed to give it. Well, it turns out that some security researchers have taken a deeper look at those apps. And they've identified more than 1,000 apps that have been found to take data even after you've denied them permissions. It's interesting that some of the more widespread apps and more well-known ones like AccuWeather are collecting data that is more than what you've agreed to and is more than just your location."
—Malek Ben Salem, Americas cybersecurity R&D lead for Accenture, on the CyberWire Daily Podcast, 3.20.20.
Alas, you may not be that interested in the app, but the app might well be too interested in you.
CyberWire Pro delivers timely briefings about developing news.
Take a look at CyberWire Pro, our new subscription program designed for security professionals and all others who want to stay abreast of cybersecurity news. CyberWire Pro is a premium service that will save you time and keep you informed.
LastPass Identity provides simple control and visibility across every entry point to your business through single sign-on, password management and multi-factor authentication in one unified solution. LastPass Identity provides a holistic view of end user activity to simplify security for IT, all while delivering the passwordless login experience employees want. Start a free LastPass Identity trial today.
Working from home is no reason to miss a good podcast. (We're working remotely, and we're listening from our own undisclosed locations.)
In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin discusses cameras that claim to scan thousands of people at a distance, detecting the telltale fever of coronavirus. Out guest is Allan Liska from Recorded Future, with more general thoughts on security in the time of a pandemic.
And Recorded Future's threat intelligence podcast, produced in partnership with the CyberWire, is up. The current edition, "Combating the Underground Economy’s Automation Revolution," discusses machine-versus-machine (and human-versus-machine) defense and offense. Automation has become an essential part of nearly every industry, and in cybersecurity that's true of attackers as well as defenders. SOARs can be used to tip the balance back in a defender’s favor by automating defensive intelligence feeds and combining them with automated detection and prevention. Research by Recorded Future’s Insikt Group explored the tools and services threat actors use to automate tasks associated with malicious campaigns, and the mitigation strategies available through SOAR and threat intelligence solutions.