Last week's revelation of a new cyberattack on thousands of small businesses and organizations, on top of last year's SolarWinds hack, shows we've entered a new era of mass-scale cyber war, Axios' Scott Rosenberg reports.

Why it matters: In a world that's dependent on interlocking digital systems, there's no escaping today's cyber conflicts. We're all potential victims even if we're not participants.

The big picture: Until recently, sophisticated, state-backed hacks were typically aimed at narrow targets. Now, harm from the new nation-state cyber-fights is regularly spilling over to unprecedented numbers of companies, organizations and individuals. 

• The SolarWinds attack that surfaced late last year, widely attributed to a Russian government-backed group, compromised networks at the Treasury, State, Defense and Commerce departments along with as many as 18,000 companies and institutions and left a long tail of dangerous uncertainties in its wake.
• The new incident — targeting flaws in Microsoft's Exchange Server, widely used by small- and medium-sized companies and organizations — affected 30,000 U.S. Exchange customers and many more around the world, according to Brian Krebs of Krebs on Security. Microsoft pinned the attack on a new group it dubbed Hafnium that it tied to the Chinese government.

Details: Microsoft issued a patch last week that customers have been scrambling to install. The patch will prevent further intrusions, but won't close up back doors previously installed by the hackers.

• That means a lot of Exchange shops are going to be waiting for another shoe to drop, and their security teams are going to be working overtime to prevent that.

Catch up quick: Hacks of yore regularly affected vast numbers of systems — from 1999's Melissa virus, passed along by infected Microsoft Word documents in email attachments, to 2017's Wannacry ransomware epidemic.

• These attacks sometimes, as with Wannacry, made use of government-developed tools and techniques that had leaked into the wild. But they almost always were the work of petty criminals or hobbyists.
• When governments sponsor attacks, they choose their targets with more precision — at least, that's been the assumption until now.

Our thought bubble: Cyber conflict's trajectory from a contained, specialized arena toward one that touches lives around the planet mirrors the one that Western warfare itself has followed in recent centuries.

• Professional armies fought small-scale conflicts in the 18th century. But then revolutionary France conscripted a broad swath of the public, Gen. William Tecumseh Sherman brought war home to the plantations of the American South, and by the 20th century military activities became impossible to confine to some defined battlefield.
• The same progression is taking place on today's fields of online conflict. Governments increasingly pursue their ends not with surgical pinpoint attacks but instead with broadly disruptive digital campaigns that can include everything from theft and ransom to sabotage and shutdowns.

The bottom line: Cybersecurity analysts emphasize that, in this latest hack as in so many others, we may never know exactly who is to blame, who was targeted, and who got caught in the crossfire.

Go deeper.

Facebook chief operating officer Sheryl Sandberg thought CEO Mark Zuckerberg was "nuts" when he raised the possibility in January 2020 that 50,000 employees might have to work from home. By March 6, they were, Axios' Jacob Knutson reports.

Why it matters: In an interview Monday with Axios Re:Cap, Sandberg explained how Facebook moved quickly to respond to the pandemic with grants for small businesses and work-from-home stipends for its employees.

Flashback: "In January, Mark told me and others that we should get ready for the possibility that we would all have to work from home and there might be a pandemic," Sandberg told Axios Re:Cap host Dan Primack.

• "And I thought he was nuts. I was like, 'What do you mean there'd be a pandemic. What's a pandemic? And would we really work from home?' But he said, 'No, no. It's possible that everyone's going to have to, like, go home.'"

What happened: Sandberg called the pandemic a "crisis for women," but said Facebook was able to retain people by providing additional COVID leave so their "attrition rates of women are not higher than our attrition rates of men."

• "I definitely heard later that people followed some of the examples we set and I was happy about that. For women out there, I wish more companies did more of it."

The big picture: Sandberg said 50,000 employees and tens of thousands of contractors were affected by those early decisions. The company "reached 2 billion people with the right authoritative information on coronavirus" on Facebook itself.

• "We gave hundreds of millions of dollars in grants to 30,000 small businesses around the world. And then we did another tranche later for Black, small businesses, nonprofits and creators that probably hit thousands more."

What's next: Sandberg said Facebook is exploring more work-from-home options and thinks the pandemic permanently changed how we work.

GSMA, the trade group that puts on Mobile World Congress, said Monday the event will take place in person in Barcelona in June, while also announcing a series of new procedures it hopes will assuage health concerns.

Why it matters: The event is the biggest wireless industry trade show and a key source of funds for the GSMA. However, many are skeptical of holding an event with tens of thousands of people, many of whom won't have yet been vaccinated.

Driving the news: GSMA has already pushed the event from February to June, and on Monday it announced details of a plan that calls for attendees to be tested for COVID-19, but doesn't require them to have been vaccinated.

Under the plan:

• Attendees will have to test negative within 72 hours of the show and be tested again every 72 hours.
• The venue will have more entrances and exits and improved ventilation, with temperature checks at all entrance points.

Yes, but: A much smaller gathering in California that relied on testing and similar precautions resulted in a significant outbreak infecting two dozen attendees, including organizer Peter Diamandis.

Flashback: Organizers eventually canceled last year's event, but only after many of the industry's key players had said they wouldn't attend.

What they're saying: "We believe that we can have around 45,000 to 50,000 attendees, as of today," Stephanie Lynch-Habib, the GSMA's chief marketing officer, said in an interview with Bloomberg on Monday.

Spot, a new startup born after nearly a year of incessant Zoom video calls, has raised $1.9 million in new funding led by Chapter One for a voice conference call alternative with some bells and whistles.

Why it matters: When the pandemic sent everyone to work from home, many workers seemed to forget that phone calls exist, opting instead to turn every work conversation into a video conference.

The idea behind Spot is to make it possible for users to take "walking meetings" instead of being glued to computer screens all day, co-founder Greg Caplan tells Axios.

• Recent research from Stanford University showed that decreased mobility, prolonged self-monitoring and increased cognitive load from video make Zoom calls tiring for workers.

How it works: Spot, which launches in beta Tuesday with a free app for iOS (you can also dial in from the web), is similar to the familiar conference call. But it includes a clever feature that lets users quickly request a transcript of the last 30 seconds by saying: "Spot, fetch!"

• To do this, Spot records every phone call, though participants can turn that off.
• The company plans to generate revenue eventually by charging for premium options, and aims its product at business users.

The bottom line: Conference calls are nothing new. But after a year of never-ending video chats, workers might be eager to bring them back.

On Tap

• MongoDB is slated to report quarterly earnings after the markets close.

Trading Places

• Google, Slack and Microsoft veteran Erica Joy Baker is joining the Democratic Congressional Campaign Committee (DCCC) as its first chief technology officer.
• Cisco promoted three women in its executive ranks. Maria Martinez will be chief operating officer. Fran Katsoudas will be chief people, policy and purpose officer. Liz Centoni will add the roles of chief strategy officer and general manager of Cisco's applications business.

ICYMI

• Twitter on Monday sued Texas Attorney General Ken Paxton, saying that his office launched an investigation into the social media giant as retribution for banning former President Trump from its platform. (Axios)

This is just what you don't want in an ocean swim but exactly what you do want in a bathing suit.