House Consumer Protection Subcommittee ranking member Gus Bilirakis, R-Fla., will soon introduce legislation to ensure the FTC is “focused on ransomware” and working with a broad group of law enforcement agencies, House Commerce Committee ranking member Cathy McMorris Rodgers, R-Wash., announced at a subcommittee hearing Tuesday. She cited recent ransomware attacks on Colonial (see 2106110031) and others as reasons for Congress to act. Bilirakis isn’t a member of the House Oversight Subcommittee, which held the hearing with testimony from Microsoft and FireEye. Last year, more than 2,400 organizations were victimized by ransomware attacks with a financial impact of about $500 million, said Microsoft Assistant General Counsel Kemba Walden. Subcommittee Chair Diana DeGette, D-Colo., cited a Microsoft report claiming more than 99% of cyberattacks could be prevented if multifactor authentication were deployed. She asked if Congress should mandate such requirements through legislation, and Walden agreed. House Commerce Committee Chairman Frank Pallone, D-N.J., cited the Biden administration’s recent efforts to combat ransomware, including a new ransomware website (see 2107150036) and efforts to make it more difficult for hackers to transfer funds using digital currency. Victims pay to accelerate the process of recouping their business operations or because it’s in the best interest of protecting their data and customer data, said FireEye-Mandiant Senior Vice President Charles Carmakal. This is despite the lack of guarantees the compromised data will be deleted, he said: Victims do anticipate that stolen data is eventually published “at a later point in time.”
DOJ and the Department of Homeland Security announced a new website Thursday to “combat the threat of ransomware.” DOJ described StopRansomware.gov as a “one-stop hub for ransomware resources for individuals, businesses and other organizations.” It includes resources from DHS’ Cybersecurity and Infrastructure Security Agency, the Secret Service, FBI, National Institute of Standards and Technology and all other cyber-related federal agencies. The Senate Judiciary Committee, meanwhile, plans a hearing July 27 on ransomware threats, Chair Dick Durbin, D-Ill., and ranking member Chuck Grassley, R-Iowa, announced Wednesday. They asked DOJ, the FBI and CISA to testify. The agencies didn’t comment.
Ring’s end-to-end encryption feature is out of technical preview and available to customers with eligible devices worldwide, blogged Chief Technology Officer Josh Roth Tuesday. Ring is the first major home security provider to offer end-to-end encryption, Roth said, adding that the opt-in feature offers an added layer of security to videos. The company is adding support for authenticator apps for two-step verification. Customers can choose a compatible authenticator app, in addition to existing methods like SMS, as their second method of verification when logging into their Ring accounts. The company is also rolling out Captcha in the Ring and Neighbors apps to safeguard customer account information and help prevent automated login attempts from bad actors, Roth said. In coming weeks, Ring will launch an automated self-service process to allow customers to securely transfer ownership of used Ring devices without having to call customer service. The new device owner scans the device during setup, then follows instructions on the Ring app, which alerts the original owner to remove the account from her app, said Roth.
Hisense is the first smart TV platform to get certification for European Telecommunications Standards Institute standard ETSI EN 303 645, said grantor TUV Rheinland. The standard sets baseline cybersecurity requirements for consumer IoT products, such as user privacy protection and prevention of primary network attacks.
The GSM Association said Tuesday it’s expanding its fraud prevention service offerings, in a bid to “enhance the telecoms industry’s capacity to combat robocalling and other unwanted or fraudulent calls.” GSMA is working with vendor Mobileum on a new international fraud deterrent system, it said.
Cyberthreats of “brand abuse,” where hackers impersonate companies online, were 68% of Q1 fraud attacks, up from 21% in Q4, reported Outseer Thursday. The payment authentication vendor, which claims “visibility” into 41,000 global cyberattacks, attributes this to the increased use during the COVID-19 pandemic of social media, web publishing and cloud-based collaboration tools. Phishing-based threats were 25% of Q1 attacks. The U.S. had three-quarters of global ISPs “hosting phishing attacks,” it said. “It comes as no surprise that fraud attack volume continues to grow at a record pace, considering the pronounced shift to digital commerce throughout the pandemic,” said Outseer Chief Marketing Officer Armen Najarian.
Huawei believes the U.S. should “put the evidence out there” to justify recent actions to curb the presence of the Chinese telecom gear vendor’s products on U.S. networks, the company’s U.S. Chief Security Officer Andy Purdy said during an episode of C-SPAN’s The Communicators set to telecast this weekend. The 5th U.S. Circuit Court of Appeals Friday denied Huawei’s challenge to the FCC ban of its equipment from networks funded by the USF (see 2106220053). Commissioners are to vote July 13 on congressionally mandated changes to the FCC’s system for replacing insecure U.S. network equipment from Huawei and fellow Chinese vendor ZTE (see 2106210062). U.S. restrictions hurt Huawei “pretty badly in terms of our ability to do business” in the country, Purdy said. “Things are not going very well.” If “Huawei has done bad things, show us” so “the whole world can see so that they don’t just need to create incentives” not to buy Huawei products, he said. “There is not such evidence” and there “is no connection” between Huawei and the Chinese government “other than any other company around the world would have.” The U.S. shouldn’t “do things” like the FCC did in using “predictive judgment” to justify its anti-Huawei actions, Purdy said. “That’s not really consistent with the rule of law approach” that federal agencies generally employ.
Market opportunity looms for designing security directly into IoT devices, reported ABI Research Tuesday. It forecasts growing adoption of “developer-friendly on-device security architectures, such as runtime protection and secure execution environments, at affordable prices for IoT markets.” IoT device security historically has been implemented at the network level, “mostly because security functions are either too complex, resource-intensive or costly to integrate,” but those arguments are “less convincing today,” said analyst Michela Menting. “Growth in edge native security architectures has seen significant improvements in both hardware and software, which are cost-effective, have low overheads, use less bandwidth, and can even provide local analytics for an automated response.”
The Senate Homeland Security Committee on Wednesday advanced nominees for Biden administration cyber posts. National cyber director nominee Chris Inglis and Jen Easterly, nominated to be director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (see 2104120059), advanced to the floor. USTelecom CEO Jonathan Spalter called them “battle tested and clear-eyed cyber professionals.”
The supply chain and cybersecurity are interconnected, Interos Vice President-Research and Analysis Andrea Limbago told an American Enterprise Institute webinar (see 2106110031). COVID-19 and, now, ransomware, are pushing the topic of supply chains from an esoteric discussion to headline news, and "it's only getting more complex." In addition to presidential executive orders and congressional action, deterrence relies on the international environment to get to the root of the problem of nation states advancing or allowing cyberattacks, said Ginny Badanes, Microsoft director-strategic projects, cybersecurity and democracy. The U.N. and other bodies are considering what red lines to set and what norms can be established to assess when those lines are crossed, she said Friday. Disinformation feeds into cybersecurity, lowering trust in institutions, Badanes said: Technology can be used to fight it but there's also a role for state and local government, tech society and other stakeholders.