In some ways, the recent prisoner exchange could come back to bite the United States

For a traveler and a newspaper reporter, the U.S. returned a ruthless murderer and a gaggle of malicious cyber hackers.

The nation was glad to see the recent exchange of prisoners with Russia. But it wasn’t an equal exchange. For a traveler and a newspaper reporter, the U.S. returned a ruthless murderer and a gaggle of malicious cyber hackers. The vice president of global cyber risk at Optiv has studied the exchange and its implications closely. James Turgal joined the Federal Drive with Tom Temin to discuss more.

Interview transcript: 

Tom Temin  Mr. Turgal, good to have you with us.

James Turgal  Thanks for having me.

Tom Temin  And you are concluding that there is going to be implications for this exchange in terms of activity on the cyber front directed back at the United States?

James Turgal  Yes. I mean, look, there’s moral, ethical, pragmatic considerations, and certainly a number of emotional considerations with any kind of prisoner exchange. And let me just say, up front, I’m very happy for the families of the Americans that were returned. But usually when you do, when you consider a prisoner exchange, it’s trying to swap like and kind, you know, skill levels or ranks, and there is the release of a significant number of highly skilled convicted, what I call cyber terrorists. They’re going to go back to Russia and wherever they came from, and reengage in the cyber warfare that they were executing prior to their capture and conviction. And so we’re releasing back into the ether, right back into the wild, these significant cyber threat actors that will just start to wreak more havoc on the U.S. and our allies from the cyber perspective.

Tom Temin  And just to be fair, I’m sure U.S. officials were totally aware of this, and a lot of work goes on diplomatically and technically to effect these changes, and not to denigrate all of that work, because that’s the work that the country demanded of them. But describe the level of activity that exists in the technical attack, counter attack, thwart, counter thwart, that goes on between the United States, Russia, other countries, because it’s probably higher level of activity than people realize.

James Turgal  It’s an extremely high level. So, you also have the distinction between, the U.S. does not authorize individuals to go out and hack on behalf or infiltrate, you know, companies on behalf of the United States government. And, in fact, I, having been a cyber agent with the FBI, right? Actually, you know, pursued, investigated and prosecuted. You know, U.S. individuals, for doing such things. And so the level of of cyber activity just from the nation states alone, is at an all time high. But you add on to that what they call initial access brokers, where you’ve got a lot of freelance organizations, freelance individuals out there that are hacking, that are doing like the initial access into a company, and then they hand it off to another group, right. I can go out of the dark web right now, and for $5,000, rent ransomware for 30 days and attack whoever I want to. So AI has exacerbated this extremely, and so now you have this marketplace out there where anybody can jump in and utilize a fairly high level amount of malware, and so the numbers are just increasing, and that’s just the low level stuff, let alone what we’ve just talked about, right? These significant, you know, Russian and foreign cyber threat actors that are known, that are highly skilled, right? And you’re releasing them back into the wild.

Tom Temin  And these are individuals among probably hundreds, maybe thousands in these different countries, in this case, in Russia. So the question is, the relatively small number of individuals that are gone back to Russia and joining that official and officially sanctioned army of people, is it enough to make a difference? Do you think, will we notice that they’re back?

James Turgal  Well, I mean, that’s a that’s a decent question, right? And you won’t know until there’s a a significant attack that is then attributed back to one of these individuals. Again, these were highly skilled cyber threat actors that got the attention of, you know, certainly taking out and victimizing certain U.S. companies. It’s the well known ones, right? It’s the health care systems, it’s the hospitals. It’s all of those types of attacks. And honestly, once we’re able to attribute an attack back to one of those individuals, yeah, you’ll see it, but it will take some time.

Tom Temin  We’re speaking with James Turgal. He is vice president of global cyber risk at Optiv. Is there anything really active that corporations, contractors, government agencies should do differently as a result of this exchange, or simply keep doing what they were doing to the best of their ability?

James Turgal  Yeah. I mean, I don’t want anybody changing their methodology just because these, you know, threat actors are back in the wild, right? You need to be able to maintain your ecosystem. You’re right. You need to do the basics of cyber hygiene, right? You need to understand where your data is, protect your data, make certain that you are doing and spending the right money in the right places to protect your data and your ecosystem. This prisoner exchange doesn’t change that, right, but it does, in my opinion, put a higher price tag on the fact that we’re now letting, now that we know the actual TTPs, right? It’s the tactics, the procedures, the all of the ways in which these specific threat actors actually worked, they’re now going back and changing those TTPs, right? And so we need to evolve with them.

Tom Temin  What are the signals saying about which sectors might be vulnerable now? We know healthcare has been hit over and over again, and I think still recovering from the latest one in the inter organizational payment system that was hacked. And we also had a GAO report that, increasingly, water systems in municipalities, regional operating systems, because of the operational technology, being hacked. What are you seeing in terms of trends of sectors that seem to be in their crosshairs?  Based on a review of our client base, financial services, still the number one target out there. Healthcare, hospital systems. It’s not just the healthcare system, right? It is, or the sector. You got to realize there are a number of companies that own part of the payments process, and then they own multiple hospitals. And so now you’ll have this crossover of attacks that not only are taking out individual hospitals, but those companies own hospitals in multiple states, right? And so now the exacerbation of that right, the scale at which those implications occur. It’s not just a hospital in a state, right? It’s a hospital system that runs hospitals over, you know, a three or four state area, and now you’re talking hundreds of hospitals. And so it’s the scale aspect of this which, to me, is the most important point to kind of think about, is, how do we reduce that scale? And when you look at network scale in a different sector, among the sectors, you would think, then that maybe transportation and the electrical utility would be not far behind.

James Turgal  Yeah, so critical infrastructure, as you mentioned, Tom, is a big deal, right? Whether it’s water, whether it’s power, the energy grid, right? Certainly those are always been high, high value targets for nation state cyber threat actors, and will continue to be. But I’m also seeing an uptick in manufacturing and also some of the services, right? The MGM hack occurred. Real estate is also something I’ve been spending a lot of time on the real estate industry with, whether it’s the real estate side, whether it’s mortgage, whether it’s finance, right? The Fidelity National Finance attack, a number of those within the real estate sector is gaining strength.

Tom Temin  And getting back to the prisoner exchange, you’ve named a couple of the people that weren’t at the top of the newspaper stories and the media reports, but these are people that have, as you pointed out, been sentenced, tried and sentenced to prison terms. Just give us a sense of the level of hacking and damage they’ve done. It’s hundreds of millions of dollars.

James Turgal  There are some well known threat actors that were released. One in particular was what I call a crypto warrior. So he’s out there engaging in crypto mining, but also the fraud schemes that go along with that, and these are tens of hundreds of millions of dollars in damages, not just the amount that has been paid from their ransomware attacks, their malware attacks. But now you add on to that, what amount is that company actually having to pay to both respond to it, to remediate the problem, right, to rebuild their systems, and now you’re into, again, multiples of hundreds of millions of dollars of damages, not just to pay out a particular ransom, but also to remediate and respond to the attack.

Tom Temin  Well, we’ll have to keep our antenna up in particular now that this has happened. James Turgal is vice president of global cyber risk at Optiv. Thanks so much for joining me.

James Turgal  Thanks Tom. Appreciate the time.

Tom Temin And we’ll post this interview at federalnewsnetwork.com/federaldrive. Hear the Federal Drive on your schedule. Subscribe wherever you get your podcasts.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories

    cyber, EPA, Water Contamination Nitrates Oregon

    EPA fosters IT resilience through cloud, integrated teams, automation tools

    Read more
    Getty Images/iStockphoto/cybrainCloud Computing

    CISA directs agencies to find, fix cloud security misconfigurations

    Read more