Microsoft confirms Azure, 365 outage linked to DDoS attack

Summary: Microsoft experienced an eight-hour outage due to a DDoS attack affecting its Azure portal and Microsoft 365 services, compounded by a security response error. The company is conducting a review to analyze the incident and improve future responses.

Threat Actor: Pro-Russia hacktivists | Anonymous Sudan
Victim: Microsoft

Key Points:

  • A DDoS attack led to significant service disruptions for Microsoft, affecting Azure and Microsoft 365.
  • The incident was exacerbated by an error in Microsoft’s security response protocols.
  • Initial mitigation efforts included networking configuration changes and failovers to alternative paths.
  • The outage was resolved after nine hours, with service restoration efforts prioritized by region.
  • This incident follows a recent global IT outage linked to a defective software update from CrowdStrike.

Dive Brief:

  • Microsoft said a DDoS attack led to an eight-hour outage Tuesday involving its Azure portal, as well as some Microsoft 365 and Microsoft Purview services.
  • Microsoft said an unexpected spike in usage led to intermittent errors, spikes and timeouts in Azure Front Door and Azure Content Delivery Network. An initial investigation showed an error in the company’s security response may have compounded the impact of the outage. 
  • Microsoft said it will have a preliminary review of the incident in 72 hours and a final review within two weeks, to see what went wrong and how to better respond.

Dive Insight:

The incident comes less than two weeks after a global IT outage involving 8.5 million Windows devices, which occurred when CrowdStrike issued a defective software update for its Falcon security platform.

After initially learning of the incident, Microsoft made networking configuration changes to support its DDoS mitigation. The company also performed failovers to alternative networking paths.

This is not the first time the company has dealt with DDoS-associated disruption. Microsoft was the target of a series of DDoS attacks in 2023 linked to pro-Russia hacktivists, including a group known as Anonymous Sudan.

Microsoft said initial networking configuration changes mitigated the majority of the impact by shortly after 10 a.m. EST, just over three hours after the disruption began. Some customers subsequently reported less than 100% availability and the company began rolling out an updated response, first in Asia Pacific and then Europe. 

After validating the successful mitigation, the changes were rolled out in the Americas.

Failure rates improved to pre-incident levels by the afternoon and by just before 5 p.m. EST the incident was declared resolved, nine hours after the disruption began. 

“The Microsoft outage demonstrates the ease at which DDoS actors can wreak havoc against critical business services,” Donny Chong, director at NexusGuard, said in a statement.

Source: https://www.cybersecuritydive.com/news/microsoft-azure-365-outage-ddos/722920
