Ransomware Poses a Rising Threat to Hospital Operations

"Because of the potential to disrupt their operations, hospitals are logical targets for attacks. If infected, they may have little choice but to pay the ransom—and quickly, said Matt Devost, CEO of security consultancy FusionX, which is now owned by Accenture.
'If I target a midtier, medium-sized business and encrypt their data, there is probably a period of time during which they can operate without access to their data,' he told eWEEK. 'With hospitals, that is not the case, and that makes them a ripe target.'"

Source: Ransomware Poses a Rising Threat to Hospital Operations


How accurate is Mr. Robot? The show’s data, password, and smart home dangers.

"It’s often as simple as that. When I was researching my book, Dark Territory: The Secret History of Cyber War, Matt Devost, president and CEO of the cybersecurity firm FusionX, told me about his days running the ‘red team’ in war games that tested the vulnerability of NATO communications systems. In one game, Devost was having a hard time cracking the commanding general’s password. So he looked up his biographical sketch on a military website, tried out some of the personal details it cited, and finally hit gold by combining ‘Rutgers,’ where the general’s son was attending college, with a two-digit number, which a commercially available random-numbers generator guessed in less than a second."

Source: How accurate is Mr. Robot? The show’s data, password, and smart home dangers.


Can hackers sway public opinion with DNC and NSA leaks?

"'The first entree into cyberconflict isn’t physical destruction,' says Matthew Devost, President of FusionX, a cybersecurity and risk management company. 'If an airplane with 200 people falls out of the sky, it’s very easy to determine our response. But with the DNC hack, the impact isn’t as tangible.'"

Source: Can hackers sway public opinion with DNC and NSA leaks? - CSMonitor.com


HfS #CyberChat w Accenture's Matt Devost

"In this edition of #CyberChat, Fred McClimans of HfS Research sits down with Matt Devost, Managing Director of Accenture's Vulnerability and Threat Intelligence Practice to discuss the state of Cyber Security and the trends moving enterprise security forward."

Source: HfS #CyberChat w Accenture's Matt Devost - YouTube


Hacking Mr. Robot, week 7.

"Slate and Future Tense are discussing Mr. Robot and the technological world it portrays throughout the show’s second season. You can follow this conversation on Future Tense, and Slate Plus members can also listen to Hacking Mr. Robot, a members-only podcast series featuring Lily Newman and Fred Kaplan.

In this episode of Hacking Mr. Robot, Fred and Lily discuss Episode 8: ‘eps2.6succ3ss0r.p12.’ They’re joined by special guest Matt Devost, a cybersecurity expert and the CEO of FusionX."

Source: Hacking Mr. Robot, week 7.


Startup investors are looking to hackers for help on smart bets

"‘I’d say we have really seen a growth in that particular market over the last five years,’ said FusionX CEO Matthew Devost, referring to an uptick in revenue for his business from services purchased by investors. Devost’s company, which was acquired by Accenture in August 2015, leverages offensive cyber capabilities to test clients' digital defenses. 

FusionX is traditionally employed by investors to conduct tests during a pre-funding stage or in preparation of a merger, acquisition or initial public offering, said Devost. In the past, FusionX has worked closely with clean-tech, biotech and several large software companies to improve cybersecurity on behalf of their investors. Currently, the Reston, Va.-based cybersecurity company is working with a cohort of prominent, well-funded private equity firms that use its services to understand the strengths and weakness of their portfolio companies. Devost, once a senior adviser to the Department of Defense, declined to discuss clients by name."

Source: Startup investors are looking to hackers for help on smart bets


What a real cyber war would look like

"In a hot cyber war, the first line of attack would not be like on Star Trek, with spectacular bursts of sparks flying out of computers. Instead it would be a stealth attack on the enemy’s military command and control infrastructure, to keep it from being able to strike, said Matt Devost, managing director of Accenture Security and a special government advisor to the U.S. Department of Defense.

The problem is that much like nuclear attacks, no one wants to let the genie officially out of the bottle. Certainly the United States and Europe benefit the most from a free and open Internet, so weaponizing it is not a step taken lightly."

Source: What a real cyber war would look like


Every Cyber Attacker is an Insider

"What enterprise executives need to realize is that in today’s environment, every cyber attacker is a potential insider. Given the prevalence of BYOD (bring your own device), supply chain integrity issues, foreign travel, and the plethora of successful spearphishing campaigns, executive leadership needs to operate on a presumption of breach basis and work on reducing their attack surface through red teaming, early detection of attacks, thwarting lateral movement through the enclaving of critical systems, and having robust incident management plans in place before the breach occurs."

Source: OODA Loop - Every Cyber Attacker is an Insider


10 Red Teaming Lessons Learned Over 20 Years

I've written a few popular blog posts over at OODA Loop. Here is one I did on red teaming lessons learned.

"I often get asked what lessons I’ve learned over the past twenty years, so I started putting together this list of 10 lessons learned over 20 years of red teaming a few years ago. Given that I’ve officially hit the twenty year mark, I figured it was time to hit the publish button. While many of these feel like concepts, vice lessons learned, I hope the reader finds them thought provoking as they formulate and execute red teams of their own. As always, feedback and comments are welcome. This article is also posted at Red Team Journal if you’d like to discuss it there."

Source: OODA Loop - 10 Red Teaming Lessons Learned Over 20 Years


Virtual Reality paper from 1993

Before Neo awakened to the existence of the Matrix and before Mark Zuckerberg donned his first Oculus Rift VR goggles, I was writing about the relationship between immersive virtual reality, philosophy, and human behavior (adopting a position of do no harm). I've mentioned this essay several times over the past couple of decades and finally located a copy to preserve here for easy linking. I don't recall what the title was and it wasn't captured in my Word Perfect file with this text, nor was the bibliography for the paper.


The world is your exercise book,

the pages on which you do your sums.

It is not reality,

although you can express reality there if you wish.

You are also free to write nonsense,

or lies,

or to tear the pages.

-Richard Bach

There is a new concept floating around the computer industry these days, appropriately dubbed 'virtual reality'. Virtual reality entails the creation of a simulated environment on a computer system, which the human subject is allowed to experience through the use of special equipment such as body-sensory suits and 3D goggles. Though the virtual world exists as bits of information stored on the internal memory of a computer, to the person experiencing it, it is very realistic. Even though our power to create virtual reality worlds is somewhat limited at the present time, technological trends would indicate that it may not be long before virtual reality scenarios become indistinguishable from real life situations. Tony Deveaux explains:

“Virtual reality can be realistic or artificial, creating environments that could not otherwise exist, painting our wildest fantasies, or it can transpose reality into another scalable dimension, for example, simulating a human heart as big as a house, or conjuring a room-sized solar system...In these conceptualizations, you may not be able to tell a computer-generated hallucination from flesh and blood reality.”

Imagine having the power to create your own world, playing the role of the divine artist. It would be like being able to control the subject matter of your dreams. Now imagine that technology advances so much that the ultimate virtual reality machine is created. This machine would allow you to design a virtual world that incorporated all five senses, a full range of emotions, and objects to interact with. Some of these objects would be simple variables. You may create an object called a rose, which starts as a simple seed and over a projected amount of time grows into a beautiful flower, only to fade away again. You might design characters to interact with, and ultimately you would be able to connect your friends to share your virtual experiences with you.

Imagine the great adventures you would have, and the scenarios you could create, from Stephen King-like horrors to Harlequin romances. Now imagine that a drug is developed that, when taken in coordination with your virtual reality machine, allows you to forget you are engaged in a virtual reality experience. Imagine if once you started the program, this drug was injected into your body, and you forgot that a reality exists outside the machine.

You would perceive your virtual world as if it were real, forgetting that it is simply a world created by you, and that every variable is under your control.

This type of experience is exactly what Hindu philosophers say you are experiencing right now, and is the type of experience Richard Bach describes in the book Illusions. By using this analogy we can examine the nature of the ultimate reality, or Brahman as argued by the Vedantic philosopher Shankara. Shankara acknowledges that the empirical world is an illusory experience of the ultimate reality, Brahman. Shankara argues that even though the objects of the empirical world appear real, they are simply illusions, shadowing the ultimate reality. Here we might substitute the empirical world with the virtual world we created above, and continue our examination of Brahman.

The person experiencing the virtual world actually believes they are experiencing reality. The drug that they take allows them to forget the ultimate reality, thus what they perceive in the virtual world is taken for the ultimate reality. The subject actually believes that they are seeing the true nature of the Brahman. As Shankara explains, they are ignorant of the true nature of the Brahman. What they are experiencing as reality is actually just electrical pulses within a machine that will cease to exist at the touch of a button. It appears to be real, just as Shankara's world of illusions appears to be real, just as a dream appears to be real, but it is not. You are existing in a virtual world, dwelling on the electrical pulses of cyberspace. The ultimate reality, or Brahman, is the world you wake up to.

Out of this ultimate reality you created a virtual reality. Once you wake up, you remember all that happened during your virtual experience was created out of a necessity to gain knowledge. Your virtual world is educational, programmed to repeat over and over until the final lesson is learned, until you achieve enlightenment.

According to Shankara, your enlightenment consists of simply overcoming the ignorance that allows you to believe the virtual reality is the ultimate reality.

In order to gain enlightenment you must realize that you created the virtual reality, that you have the power to manipulate it, that you are the ultimate reality. Tat Tvam Asi! With enlightenment comes the ability to manipulate the virtual world.

You might turn water into wine, walk on water, or, as Richard Bach describes in his tale of the reluctant messiah, you might choose to swim in the earth.

“He walked to the shore easily as walking on a painted lake. But when his feet touched the ground, the sand and grass at the edge, he began to sink, until with a few slow steps he was up to his shoulders in earth and grass. It was as though the pond had suddenly become an island, and the land about had turned to sea. He swam for a moment in the pasture, splashing it about him in dark loam drops, then floated on top of it, then rose and suddenly walked on it. It was suddenly miraculous to see a man walking on the ground!” (Bach pg 124)

You are also free to terminate the virtual world, or you may remain within it, a master of it instead of a slave to it. You may choose to stay and help the people around you overcome their ignorance. Once again I turn to Richard Bach.

“Learning is finding out what you already know. Doing is demonstrating that you know it. Teaching is reminding others that they know just as well as you. You are all learners, doers, teachers.”

It would appear a beautiful process, but certain moral questions arise. For example, what value do you place on the virtual characters of your world? If they are not true reality, then it would appear that you could harm them without remorse. Or do these virtual characters have some value in relation to the ultimate reality? If you argue that the characters of the virtual world hold no value since they are not real, then you will have no difficulty with Krishna's teaching to Arjuna in the Bhagavad Gita that instructs him to kill without regret.

However, I would argue that we indeed do harm by hurting the virtual characters of our virtual reality. The virtual characters are indeed connected to the ultimate reality. To destroy these characters would be the equivalent of depriving one of knowledge, stopping the lesson halfway through, delaying the enlightenment process. Though it does no physical damage to the ultimate reality, the underlying motive is negative in its very existence. The underlying motive is to do harm, and this trait, along with those of greed, anger, hate, intolerance, and many others of similar nature are not traits I wish to associate with the ultimate reality. I would hope that in moving from the virtual reality to the ultimate reality, such traits evaporate into insignificance. However, I may be wrong.

One can smoothly re-substitute the empirical world for the virtual world. Might the empirical world be as illusory as the virtual world? Shankara and Richard Bach say yes. In that case, our enlightenment in this world is simply overcoming our ignorance that allows us to treat this world as the ultimate reality. We must remember that we are in charge and that the tools to program the world are at our fingertips. It is this realization that Hindu philosophers struggle to achieve. They desire to know the true nature of the ultimate reality, to overcome their ignorance and achieve enlightenment.