There are new and dangerous bugs running across the world.
And before you load up on more hand sanitiser and face masks, this isn't any new COVID variant. Or any kind of physical bug at all.
But that doesn't mean these new bugs can't cause immense damage if left unchecked.
"A cold and calculated assault"
It's been only three months since Russian backed hackers worked their way into the software developed by United States-based Solar Winds Corp (NYSE: SWI). Since then, experts estimate some 18,000 of the company's customers have been affected by the hack.
Perhaps sensing a prime moment to strike, industry experts say Chinese backed hackers launched a worldwide attack on Microsoft Corporation (NASDAQ: MSFT) last Tuesday 2 March.
The one-two punch by Russian and Chinese hackers has left cybersecurity firms scrambling to keep up with the demand for their services.
According to Bloomberg, "tens of thousands of companies" have been impacted by these attacks.
And it gets worse.
Like jackals sensing wounded prey, private hackers (as opposed to those empowered by China and Russia) are making the most of the vulnerabilities exposed during the hacking attacks. These include "criminal groups trying to re-purpose secret entry points that China installed in its numerous victims".
Commenting on the latest cyberattack, Tom Burt, Microsoft's corporate vice president for customer security & trust said (quoted by Bloomberg):
It's a race. Since the time we went public with the update's availability, we've seen the number of compromised customers just explode. It went up incredibly rapidly and continues to increase.
Highlighting the overly-coincidental timing of China's attack, Lior Div, co-founder and chief executive officer of Cybereason added:
The attack on Microsoft Exchange is a cold and calculated assault. The Chinese attackers know exactly what they are doing. The new administration has been distracted by investigations into another U.S. adversary on the cyber battlefield – Russia – and its calculated breach against SolarWinds.
If you or your company have been impacted by the hacks, be aware that infiltrators could be able to access all your emails.
Although Microsoft came out with a security patch last week, experts caution it could take months to rid systems of lingering cyber criminals.
And as the ACSC cautions, the hackers are busy in Australia as well:
The Australian Signals Directorate's Australian Cyber Security Centre (ACSC) has identified extensive targeting, and has confirmed compromises, of Australian organisations with vulnerable Microsoft Exchange deployments. The ACSC is assisting affected organisations with their incident response and remediation.
The ACSC has identified a large number of Australian organisations are yet to patch vulnerable versions of Microsoft Exchange, leaving them vulnerable to compromise. The ACSC urges these organisations to do so urgently.
And with many companies now having their staff working from home, with remote access to what are meant to be secure systems, this warning should not be taken lightly.
ASX cybersecurity shares in the spotlight
There aren't many ASX listed cybersecurity companies. The few that are listed in Australia would be classified as very small-cap or microcap shares.
As articles such as this one have the power to move the share prices of very small companies, I'll leave you to uncover and research the smaller ASX cybersecurity shares on your own. (Google is a wonderful starting place!)
With that said, the Betashares Global Cybersecurity ETF (ASX: HACK) offers ASX investors exposure to 40 international cybersecurity providers.
The exchange-traded fund (ETF) counts Crowdstrike Holding Inc (NASDAQ: CRWD) as its largest holding, with a 7.3% weighting. Zscaler Inc is number 2.
The HACK share price is up 2% in intraday trading today and up 20% over the past 12 months. By comparison, the All Ordinaries Index (ASX: XAO) is up 16% over the last full year.
