Today is Wednesday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here and view the full edition here.
The FBI is urging the private sector to bolster its cyber defenses as it prepares for possible Russian cyberattacks against critical infrastructure.
Meanwhile, the IRS has discovered over $1.8 million in fraudulent activity related to federal COVID-19 stimulus funds.
Send tips and feedback to The Hill’s tech team, Rebecca Klar (rklar@digital-staging.thehill.com) and Chris Mills Rodrigo (cmillsrodrigo@digital-staging.thehill.com), and cyber reporter Ines Kagubare (ikagubare@digital-staging.thehill.com).
Let’s get to it.
Feds raise concerns over cyberattacks
FBI Director Christopher Wray on Tuesday warned the private sector to prepare for potential cyberattacks, saying U.S. agents were “particularly focused on the destructive cyber threat” from Russian agents.
The FBI director spoke just a day after the White House warned companies to bolster defenses and prepare for potential cyberattacks while the Russian invasion of Ukraine intensifies as it approaches a month since forces entered the country.
Speaking at the Detroit Economic Forum, Wray mentioned the attack on Colonial Pipeline last year, which shut down one of the largest pipelines on the East Coast for five days. A criminal group based in Russia was responsible for the cyberattack.
What Wray said: “Private networks, whether they belong to a pipeline operator, some other kind of victim, or an internet service provider, are most often the place we confront adversaries,” he said. “If American businesses don’t report attacks and intrusions, we won’t know about most of them, which means we can’t help you recover, and we don’t know to stop the next attack.”
Widespread relief fraud
IRS investigators have uncovered more than $1.8 billion in fraudulent activity related to federal COVID-19 stimulus funds, the agency said Wednesday.
Two years after the Trump administration passed the first trillion-dollar stimulus package, which provided $1,200 checks to individuals and forgivable loans to small businesses as the US economy shut down, the IRS said it has closed 660 criminal cases related to various stimulus bills prompted by the pandemic.
“These cases included a broad range of criminal activity, including fraudulently obtained loans, credits and payments meant for American workers, families, and small businesses,” the IRS Criminal Investigation division said in a statement.
Many of these are wire fraud cases in which people made false claims about their business or financial situation in order to obtain money from the government.
HACKING GROUP TARGETS MICROSOFT
Microsoft has confirmed that the hacker group Lapsus$ breached its security system, after the digital extortion gang claimed credit earlier this week.
“Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion,” Microsoft disclosed in a blog post late Tuesday night.
“This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact.”
Microsoft said in the post that Lapsus$, also known as DEV-0537, had breached one account, resulting in “limited access” but not to the data of any of the tech giant’s customers.
HEALTH DATA BREACHED
The health data of almost 50 million Americans was breached last year, according to a Politico analysis of data from the Department of Health and Human Services.
Health care organizations in every state except South Dakota reported data breaches in 2021. Half of states, as well as Washington, D.C., saw more than 1 in 10 of their residents have their health information accessed without authorization, Politico found in its analysis of more than six years of data from the department’s Office for Civil Rights.
Reported breaches are organized by type. Hacking is most prevalent and was involved in 75 percent of the breaches in 2021, a major uptick compared to 35 percent in 2016. Other breaches includes instances of data theft, like a stolen laptop, or unauthorized access, like sending information to the wrong person, Politico added.
Hospitals, insurers and health care systems that are covered by the Health Insurance Portability and Accountability Act are required to report any breaches of protected health information that impact 500 or more people. They also must notify individuals who have been affected by the breach.
SOUTH AFRICA SNAG
A South African court halted construction of an Amazon headquarters facility in Cape Town, ruling that more consultation was needed with Indigenous people who have objected to the new Amazon home.
In her decision on Sunday, Patricia Goliath with the Western Cape division of the High Court said there was a “fundamental right to culture and heritage of indigenous groups,” according to Reuters. While she did not rule against the project, the judge said more consultation and discussion on the project with affected people was required
The Hill has reached out to Amazon for comment.
Amazon’s River Club facility would become the retail giant’s headquarters in Africa, with 150,000 square meters of mixed-use space, including commercial and housing projects and a 200-room hotel.
BITS & PIECES
An op-ed to chew on: How much do we know about what the universe is made of?
Lighter click: No coming back from this
Notable links from around the web:
Koch Industries, suddenly worried about climate change, becomes huge EV battery player (Protocol / Sarah Roach)
DJI Drones, Ukraine, And Russia — What We Know About Aeroscope (The Verge / Sean Hollister)
The rise of the Twitter spies (The Washington Post / Pranshu Verma)
ONE MORE THING: CRYPTO COMING TO NFL
The NFL granted its teams permission to seek blockchain sponsorships but will still restrict promotions using cryptocurrency and fan tokens.
In a memo sent on Tuesday, the league said it made the decision to allow “promotional relationships” with businesses after it completed its evaluation of the new wave of technology.
The has lobbied the Securities and Exchange Commission (SEC), White House and Justice Department on issues related to blockchain technology over the past year, according to CNBC.
“In this evolving regulatory environment, it remains essential that we proceed carefully when evaluating potential commercial opportunities involving blockchain technologies, and conduct appropriate diligence on all potential partners and their business models,” the league memo said.
“League staff has also continued to closely monitor the evolving blockchain regulatory environment and key developments, such as President Biden’s recent executive order calling for federal agencies to coordinate efforts in assessing blockchain digital asset regulation and oversight, with a focus on consumer protection and rooting out illegal activity,” it added.
That’s it for today, thanks for reading. Check out The Hill’s technology and cybersecurity pages for the latest news and coverage. We’ll see you Thursday.