The Financial Stability Review was released by the Reserve Bank this month. Within it, the institution warns cyber attacks pose a "significant threat" to our financial system.

Let's look closer into what the Reserve Bank of Australia had to say about the threat of cyber attacks.

Cyber attacks are on the rise globally

The Reserve Bank noted in its report the rising risk and occurrences of cyber attacks on Australia's financial institutions.

In fact, Australian banks face millions of cyber attacks each day.

One doesn't have to look far to find examples. For instance, a cyber attack on ASIC and the Reserve Bank of New Zealand hit the news in January, when attackers breached third-party software, Accellion FTA. 

Other news-worthy attacks this year include the Russian-backed attack on United States-based Solar Winds Corp (NYSE: SWI), which experts estimate affected 18,000 of the company's customers. Another is the Chinese backed hacker who launched a worldwide attack on Microsoft Corporation (NASDAQ: MSFT) in March. 

In 2018, the International Monetary Fund estimated direct losses from cyber attacks could be as high as 9% of total bank incomes globally – around US$100 billion annually.

Though, it wasn't just hacks and attacks that were highlighted as technological dangers to Australia's financial stability.

The Reserve Bank found, as digital platforms and service channels get more nuanced, their risk of failing becomes greater.

An example that may well be a bit too close to home is the ASX's technical issues that interrupted the trading day on 16 November 2020.

What can be done to prevent attacks?

The Council of Financial Regulators (CFR) have already begun working to find weaknesses in Australian financial entities' software.

The CFR coordinates Australia's main regulatory agencies, including the Australian Prudential Regulation Authority, the Australian Securities and Investments Commission, the Australian Treasury and the Reserve Bank.

Currently, it's conducting an 18-month pilot exercise of its Cyber Operational Resilience Intelligence-led Exercises (CORIE) framework.

CORIE is designed to test and demonstrate the cyber resilience of institutions in the Australian financial services industry.

It will be used to assess cyber resilience by testing selected financial sector entities to 'ethical hacking' exercises.

The Reserve Bank hopes CORIE will inform regulators of any systemic or institution specific cyber security risks.

The post Cyber attacks a growing risk to our financial security, says Reserve Bank appeared first on The Motley Fool Australia.

And before you load up on more hand sanitiser and face masks, this isn't any new COVID variant. Or any kind of physical bug at all.

But that doesn't mean these new bugs can't cause immense damage if left unchecked.

"A cold and calculated assault"

It's been only three months since Russian backed hackers worked their way into the software developed by United States-based Solar Winds Corp (NYSE: SWI). Since then, experts estimate some 18,000 of the company's customers have been affected by the hack.

Perhaps sensing a prime moment to strike, industry experts say Chinese backed hackers launched a worldwide attack on Microsoft Corporation (NASDAQ: MSFT) last Tuesday 2 March.

The one-two punch by Russian and Chinese hackers has left cybersecurity firms scrambling to keep up with the demand for their services.

According to Bloomberg, "tens of thousands of companies" have been impacted by these attacks.

And it gets worse.

Like jackals sensing wounded prey, private hackers (as opposed to those empowered by China and Russia) are making the most of the vulnerabilities exposed during the hacking attacks. These include "criminal groups trying to re-purpose secret entry points that China installed in its numerous victims".

Commenting on the latest cyberattack, Tom Burt, Microsoft's corporate vice president for customer security & trust said (quoted by Bloomberg):

It's a race. Since the time we went public with the update's availability, we've seen the number of compromised customers just explode. It went up incredibly rapidly and continues to increase.

Highlighting the overly-coincidental timing of China's attack, Lior Div, co-founder and chief executive officer of Cybereason added:

The attack on Microsoft Exchange is a cold and calculated assault. The Chinese attackers know exactly what they are doing. The new administration has been distracted by investigations into another U.S. adversary on the cyber battlefield – Russia – and its calculated breach against SolarWinds.

If you or your company have been impacted by the hacks, be aware that infiltrators could be able to access all your emails.

Although Microsoft came out with a security patch last week, experts caution it could take months to rid systems of lingering cyber criminals.

And as the ACSC cautions, the hackers are busy in Australia as well:

The Australian Signals Directorate's Australian Cyber Security Centre (ACSC) has identified extensive targeting, and has confirmed compromises, of Australian organisations with vulnerable Microsoft Exchange deployments. The ACSC is assisting affected organisations with their incident response and remediation.

The ACSC has identified a large number of Australian organisations are yet to patch vulnerable versions of Microsoft Exchange, leaving them vulnerable to compromise. The ACSC urges these organisations to do so urgently.

And with many companies now having their staff working from home, with remote access to what are meant to be secure systems, this warning should not be taken lightly.

ASX cybersecurity shares in the spotlight

There aren't many ASX listed cybersecurity companies. The few that are listed in Australia would be classified as very small-cap or microcap shares.

As articles such as this one have the power to move the share prices of very small companies, I'll leave you to uncover and research the smaller ASX cybersecurity shares on your own. (Google is a wonderful starting place!)

With that said, the Betashares Global Cybersecurity ETF (ASX: HACK) offers ASX investors exposure to 40 international cybersecurity providers.

The exchange-traded fund (ETF) counts Crowdstrike Holding Inc (NASDAQ: CRWD) as its largest holding, with a 7.3% weighting. Zscaler Inc is number 2.

The HACK share price is up 2% in intraday trading today and up 20% over the past 12 months. By comparison, the All Ordinaries Index (ASX: XAO) is up 16% over the last full year.

The post Chinese and Russian hack attacks put ASX cybersecurity shares in spotlight appeared first on The Motley Fool Australia.