Ransomware: Lucrative, fast growing, hard to stop

"'I imagine it will hit into the millions of dollars, if they are able to infect some of the right types of targets in an enterprise environment,' said Devost.
Like smart start-up CEOs, the hackers are testing the market and refining the business model. As the vast majority of attacks are likely settled without going public, more research is needed to figure out just how profitable the business really is, said experts. Unlike the criminal networks, which often share information freely, many of the victims do not."

Source: Ransomware: Lucrative, fast growing, hard to stop

Ransomware Poses a Rising Threat to Hospital Operations

"Because of the potential to disrupt their operations, hospitals are logical targets for attacks. If infected, they may have little choice but to pay the ransom—and quickly, said Matt Devost, CEO of security consultancy FusionX, which is now owned by Accenture.
'If I target a midtier, medium-sized business and encrypt their data, there is probably a period of time during which they can operate without access to their data,' he told eWEEK. 'With hospitals, that is not the case, and that makes them a ripe target.'"

Source: Ransomware Poses a Rising Threat to Hospital Operations

How accurate is Mr. Robot? The show’s data, password, and smart home dangers.

"It’s often as simple as that. When I was researching my book, Dark Territory: The Secret History of Cyber War, Matt Devost, president and CEO of the cybersecurity firm FusionX, told me about his days running the ‘red team’ in war games that tested the vulnerability of NATO communications systems. In one game, Devost was having a hard time cracking the commanding general’s password. So he looked up his biographical sketch on a military website, tried out some of the personal details it cited, and finally hit gold by combining ‘Rutgers,’ where the general’s son was attending college, with a two-digit number, which a commercially available random-numbers generator guessed in less than a second."

Source: How accurate is Mr. Robot? The show’s data, password, and smart home dangers.

Can hackers sway public opinion with DNC and NSA leaks?

"'The first entree into cyberconflict isn’t physical destruction,' says Matthew Devost, President of FusionX, a cybersecurity and risk management company. 'If an airplane with 200 people falls out of the sky, it’s very easy to determine our response. But with the DNC hack, the impact isn’t as tangible.'"

Source: Can hackers sway public opinion with DNC and NSA leaks? - CSMonitor.com

HfS #CyberChat w Accenture's Matt Devost

"In this edition of #CyberChat, Fred McClimans of HfS Research sits down with Matt Devost, Managing Director of Accenture's Vulnerability and Threat Intelligence Practice to discuss the state of Cyber Security and the trends moving enterprise security forward."

Source: HfS #CyberChat w Accenture's Matt Devost - YouTube

Hacking Mr. Robot, week 7.

"Slate and Future Tense are discussing Mr. Robot and the technological world it portrays throughout the show’s second season. You can follow this conversation on Future Tense, and Slate Plus members can also listen to Hacking Mr. Robot, a members-only podcast series featuring Lily Newman and Fred Kaplan.

In this episode of Hacking Mr. Robot, Fred and Lily discuss Episode 8: ‘eps2.6succ3ss0r.p12.’ They’re joined by special guest Matt Devost, a cybersecurity expert and the CEO of FusionX."

Source: Hacking Mr. Robot, week 7.

Startup investors are looking to hackers for help on smart bets

"‘I’d say we have really seen a growth in that particular market over the last five years,’ said FusionX CEO Matthew Devost, referring to an uptick in revenue for his business from services purchased by investors. Devost’s company, which was acquired by Accenture in August 2015, leverages offensive cyber capabilities to test clients' digital defenses. 

FusionX is traditionally employed by investors to conduct tests during a pre-funding stage or in preparation of a merger, acquisition or initial public offering, said Devost. In the past, FusionX has worked closely with clean-tech, biotech and several large software companies to improve cybersecurity on behalf of their investors. Currently, the Reston, Va.-based cybersecurity company is working with a cohort of prominent, well-funded private equity firms that use its services to understand the strengths and weakness of their portfolio companies. Devost, once a senior adviser to the Department of Defense, declined to discuss clients by name."

Source: Startup investors are looking to hackers for help on smart bets

What a real cyber war would look like

"In a hot cyber war, the first line of attack would not be like on Star Trek, with spectacular bursts of sparks flying out of computers. Instead it would be a stealth attack on the enemy’s military command and control infrastructure, to keep it from being able to strike, said Matt Devost, managing director of Accenture Security and a special government advisor to the U.S. Department of Defense.

The problem is that much like nuclear attacks, no one wants to let the genie officially out of the bottle. Certainly the United States and Europe benefit the most from a free and open Internet, so weaponizing it is not a step taken lightly."

Source: What a real cyber war would look like

Every Cyber Attacker is an Insider

"What enterprise executives need to realize is that in today’s environment, every cyber attacker is a potential insider. Given the prevalence of BYOD (bring your own device), supply chain integrity issues, foreign travel, and the plethora of successful spearphishing campaigns, executive leadership needs to operate on a presumption of breach basis and work on reducing their attack surface through red teaming, early detection of attacks, thwarting lateral movement through the enclaving of critical systems, and having robust incident management plans in place before the breach occurs."

Source: OODA Loop - Every Cyber Attacker is an Insider

10 Red Teaming Lessons Learned Over 20 Years

I've written a few popular blog posts over at OODA Loop. Here is one I did on red teaming lessons learned.

"I often get asked what lessons I’ve learned over the past twenty years, so I started putting together this list of 10 lessons learned over 20 years of red teaming a few years ago. Given that I’ve officially hit the twenty year mark, I figured it was time to hit the publish button. While many of these feel like concepts, vice lessons learned, I hope the reader finds them thought provoking as they formulate and execute red teams of their own. As always, feedback and comments are welcome. This article is also posted at Red Team Journal if you’d like to discuss it there."

Source: OODA Loop - 10 Red Teaming Lessons Learned Over 20 Years