“We are in the year 2024, and we’re in full-blown cyber warfare.”
In a wide-ranging interview, Techopedia speaks with former Green Beret Greg Hatcher, founder, and CEO of White Knight Labs, about the state of global cyber warfare in 2024, the military’s role in cybersecurity, and the critical lessons that businesses can learn from it.
We also talk about the need for government and private sector partnerships to fight cybercrime, the evolution of cyber threats, and more.
About Greg Hatcher
A former Green Beret, Greg Hatcher spent several years in the US Army special operations before transitioning into offensive cyber operations in 2016. He taught guerilla (unconventional) urban warfare to the following groups: Kurdish Peshmerga in Iraq; Kurdish YPG (People’s Protection Units) and Kurdish YPJ (Women’s Protection Units) in Syria; and the Afghan Local Police and Afghan National Police in Afghanistan.
When Hatcher transitioned from the military in 2017, he dove into networking and pivoted quickly to offensive cybersecurity. He has taught at the NSA and led red teams while contracting for the federal Cybersecurity and Infrastructure Security Agency.
In 2021, Hatcher joined forces with John Stigerwalt to start a boutique offensive cybersecurity consultancy called White Knight Labs. Hatcher has led over 200 penetration tests that include network, cloud, mobile, web app, and API technologies.
Cybersecurity and Modern Military Operations
Q: Can you talk about cybersecurity’s significance in modern military operations?
A: The military plays a crucial role in cybersecurity, primarily concerned with protecting a nation’s security and defense systems. The military is responsible for defending against everything from cyber threats to national security, including attacks on critical infrastructures, such as energy, transportation, and communications.
The military also takes part in offensive cyber operations when authorized, disrupting adversaries’ networks or information systems to protect national interests.
It’s never been more apparent how important cybersecurity is in modern military operations. I think more so over the last two years than ever before in history, especially on October 7, 2023, when Hamas attacked Israel with rockets.
And also, within an hour of the rocket attacks, Hamas launched a distributed denial-of-service attack on the Iron Dome [Israel’s missile defense system]. The attack was aimed at disrupting the Iron Dome’s operations and rendering it ineffective in protecting Israel from attacks.
However, Hamas did the same thing in 2021. They floated a bunch of rockets into Israel – the Iron Dome can only stop a finite number of rockets at one time – and launched denial-of-service attacks on the Iron Dome to overwhelm its early warning system [and prevent it from operating at full capacity].
So Hamas learned this two years ago, and then it exploited a vulnerability in the Iron Dome system that Israel had not addressed.
Q: How has cyber warfare shaped the Russia-Ukraine war?
A: The conflict between Russia and Ukraine has also had significant implications for cyber warfare. It has led to an increase in cyberattacks against Ukrainian infrastructure, including power grids and government systems. But I don’t think the cyber warfare in the Russia-Ukraine war has been as lethal as Hamas has been in attacking Israel.
And then, once they get inside, they’ll set up persistence. So once they’re detected, Ukraine will think it has kicked out the Russia APT. But they’re actually living on the edge. And if they’ve popped a zero day on the VPN portal or a firewall, they can just sit there indefinitely.
The US Government’s Role in Cybersecurity
Q: What is the US government’s role in cybersecurity?
A: We are in the year 2024, and we’re in full-blown cyber warfare. China, Russia, and North Korea are the three biggest threats to the United States government’s cyberattack surface.
And the military definitely has a role in cyber warfare. The United States’ role in protecting its citizens and its government is to have a well-trained workforce, which they’re kind of lacking.
In addition, federal employees who work in cyber operations can leave government work and go to the private sector, and oftentimes, they receive double their salaries. So the US government’s role is to keep those people actually defending the country as opposed to [moving to] the private sector.
Q: Should the US government take a more proactive role in cyber defense?
A: Absolutely. I don’t think there’s anyone who should say no to that. I think we’re a little bit behind the power curve.
Obviously, this has been on Russia’s and China’s radars for decades at this point. I heard a statistic the other day that there are 50 offensive Chinese cyber operators to one American offensive cyber operator. So China takes it very, very seriously, whereas America is lagging behind a little bit. I think there needs to be much more massive investment in offensive cyber operations in this country.
And then there also needs to be a partnership between government and industry to work together to shore up our cyber defenses.
The threat is overwhelming, and if the government is over here doing its own thing and the private sector is over there doing its own thing, I think that we are doomed to fail because the government just doesn’t have the resources to fight this fight.
Lessons for Business From the Military’s Role in Cybersecurity
Q: What critical lessons can businesses learn from the military’s role in cybersecurity?
A: The military’s approach is both comprehensive and proactive, focusing on defense, detection, and a fast response to potential threats. The military ensures constant system monitoring for any signs of intrusion, the segmentation of networks to limit damage during breaches, and it prioritizes training its personnel on threat awareness and mitigation.
Regular security audits, penetration testing, and well-planned contingency plans for various cyberattacks are also part of any strategy.
Businesses can learn that they need to be on the offensive as well when it comes to cybersecurity. So, as opposed to just hiring a red team once a year, they should have an internal red team that’s constantly doing offensive operations against the business. Cybersecurity is like: “You can pay now, or you can pay later”.
You can pay now when you’re in control and hire experienced red teamers or penetration testers who are constantly poking and prodding the internal and external attack surface for your business. Or China or Russia can do it for you.
Q: What are the strategies for preemptive cyber defense?
A: I would say the normal things you can do for cyber defense are keeping your systems updated, patching your firewalls and VPN appliances, and ensuring that the edge of your network is extremely secure.
Edge devices are the attack surface, so make sure that the edge of your network is extremely secure. There needs to be multiple layers of defense before whoever is attacking can pivot into the internal network.
So, having multi-factor authentication on all externally facing authentication portals and having robust password policies — these all matter. I would recommend more than 20 characters for your password policy.
We don’t really care about special characters as much because length is king over complexity, The longer the password, the more secure it is.
The second component of this is robust employee training. For example, ensuring employees know how to spot phishing attempts.
Q: What do you say to a business leader who says he’s not worried about cybersecurity because his company is too small to be targeted by hackers?
A: They should probably be fired immediately. If I’m a real crimeware group, [I know] that small companies can still be worth a lot of money, but they really don’t have a big pot of money for cyber defense. And maybe they don’t have a budget for information security awareness training,
So they’re really juicy targets for stealing PII [personally identifiable information] or proprietary information because their employees are kind of ignorant when it comes to phishing threats and password policies.
So, smaller companies need to pay as much attention as larger enterprises because there’s definitely a risk there.
Generative AI – Appealing and Dangerous
Q: What qualities that make generative AI appealing also make it a significant cybersecurity issue?
A: The hotness. Artificial intelligence is the hottest [technology] right now, isn’t it? So ChatGPT wasn’t that good at writing code, but it’s getting a lot better because millions of people use it every day. So it’s iterating and learning faster and faster.
And I think it’s great for writing malware. Actually, Sims of HYAS has done multiple proofs of concepts where he used ChatGPT and multiple prompts to create fully undetectable polymorphic malware. Fully undetectable means it can bypass all the antivirus and EDR [endpoint detection and response] products.
Polymorphic is the really scary part. That means that every time the malware executes the source code and the binary changes, you can’t actually write a hash for it. It changes every single time, so it completely nullifies all the protection that antivirus can provide. Your only hope is behavioral and active protection with EDR.
So, while generative AI makes it easy to write code, the downside is that it also makes it easy to write malicious code.
Evolution of Cyber Threats
Q: How have cyber threats evolved?
A: Cyber threats have become increasingly sophisticated and varied in recent years. In addition to the increased risk associated with generative AI, there’s also an increase in attacks on edge devices. So, attacking VPN portals, email security gateways, routers, switches – anything that’s touching the edge is getting beaten on right now. Because that’s how you pivot into [a company’s] internal network.
Q: What are the latest attack trends, and how much of a risk do they present?
A: The latest tech trends are beating on the edge devices and using ChatGPT to write polymorphic undetectable malware and phishing emails. This basically lowers the barrier of entry to writing malware because you don’t actually have to know anything.
It’s the same with a phishing email, you don’t actually have to know how to write the phishing email, ChatGPT will just do it for you. So, since these things are getting easier and easier to do, more people are going to be doing them in the first place.
White Knight Labs is a small boutique offensive cybersecurity consultancy specializing in red teaming, adversarial emulation, and various types of penetration testing, including network, web app, mobile app, wireless, and cloud.