Microsoft Points to DDoS Attack as Cause of Outage
Microsoft has confirmed that an outage affecting a number of its services was caused by a distributed denial of service (DDoS) cyberattack aimed at its Azure services.
The incident, which lasted 10 hours, affected several Microsoft services globally, including Microsoft 365 products such as Office and Outlook.
During this period, users experienced difficulties connecting to various Microsoft services.
Microsoft said it had implemented a fix for the problem which "shows improvement", and it would monitor the situation "to ensure full recovery."
This incident comes on the heels of a separate issue less than two weeks prior, where a CrowdStrike update caused Microsoft Windows machines to crash.
Anatomy of the attack
Microsoft described the initial trigger as an "unexpected usage spike" resulting from a DDoS attack. Such attacks overwhelm services with traffic, rendering them inoperable.
Although DDoS protection mechanisms were in place, an error occurred in the implementation of these defences.
DDoS attacks have had an alarming resurgence of late.
Recent reports from cybersecurity firms Imperva, NETSCOUT and F5 Labs have documented an alarming surge in their frequency.
F5 Labs' 2024 DDoS Attack Trends report recorded a 112% increase in such attacks from 2022 to 2023, while Imperva reported a 111% rise in the first half of 2024 compared to the same period in 2023.
Imperva's report noted a 519% increase in DDoS attacks targeting Ukraine, while F5 Labs observed significant spikes in DDoS activity in America, France, and the UK.
Implications for critical infrastructure
This attack, although largely resolved quickly, had key consequences for a number of enterprise customers that rely on Microsoft's systems.
Payment services MyAccount and PayNow had their services affected, and the British judicial system HM Courts and Tribunals Service had issues with multiple online services.
Due to worldwide issues with Microsoft Azure, a problem with our website is affecting several services including MyAccount and PayNow.
Thanks for bearing with us as we work through this issue with our IT providers and do keep an eye on our social channels for further updates. pic.twitter.com/O5pHoHURP4
— Cambridge Water 🚰 (@Cambswater) July 30, 2024
This attack is part of a broader trend of increasing DDoS attacks targeting critical infrastructure.
Critical infrastructure includes companies involved in elements of telecommunications, and these have been among the hardest hit by the DDoS surge.
Imperva reported a 548% rise in application layer DDoS attacks targeting the telecom and ISP sectors, while F5 Labs found a staggering 655% increase in DDoS incidents in this sector.
DDoS developments
Microsoft has committed to publishing a Preliminary Post Incident Review within 72 hours of the outage, promising more details on the incident and their response.
"Clearly, the threat from DDoS attacks is constantly evolving," David Warburton, Director of F5 Labs, warns.
This transparency is crucial as Microsoft claimed, "while the initial trigger event was a DDoS attack, which activated our DDoS protection mechanisms, initial investigations suggest that an error in the implementation of our defences amplified the impact of the attack rather than mitigating it."
Understanding potential new points of entry can broaden the intelligence cybersecurity professionals have to work with and can help curb this surge.
Cyber Magazine is a BizClik brand