Microsoft: DDoS Attack Caused Recent Global Azure Services Outage

Microsoft confirmed that a recent global outage of Azure services was caused by a DDoS attack. The incident impacted users worldwide, disrupting access to various cloud services. Microsoft is actively working on restoring full functionality and implementing enhanced security measures to prevent future attacks. Learn more about the details of the outage, its effects, and Microsoft's efforts to ensure the stability and security of its cloud infrastructure.

A range of Azure and Microsoft 365 services experienced over nine hours of downtime on Tuesday, July 30, due to a distributed denial-of-service (DDoS) attack, according to a statement from the tech giant.

From 11:45 UTC to 19:43 UTC, Microsoft customers worldwide were unable to access services such as Azure App Services, Application Insights, Azure IoT Central, Azure Log Search Alerts, Azure Policy, the Azure portal, and various Microsoft 365 and Microsoft Purview services.

However, the company has not identified any specific threat actor responsible for the DDoS attack.

"While the initial trigger was a DDoS attack that activated our DDoS protection mechanisms, initial investigations indicate that an error in our defense implementation exacerbated the attack's impact instead of mitigating it," Microsoft stated.

During the outage response, Microsoft mentioned that an "unexpected usage spike" caused Azure Front Door (AFD) and Azure Content Delivery Network (CDN) components to perform below acceptable thresholds, resulting in intermittent errors, timeouts, and latency spikes.

"Once the nature of the usage spike was understood, we implemented networking configuration changes to support our DDoS protection efforts and performed failovers to alternate networking paths to provide relief," the company added.

Tuesday's outage marked the second time in a month that thousands of Microsoft's customers were affected. On July 19, Microsoft reported that a backend configuration change in its cloud computing services caused connectivity loss for customers, primarily in the central US region.

On the same day, a faulty update deployed by cybersecurity firm Crowdstrike caused Windows PC systems to display the 'blue screen of death,' disrupting airports, hospitals, banks, news outlets, and other companies worldwide.

What is a DDoS attack? A DDoS attack occurs when a website or server is overwhelmed with errant traffic, diminishing its functionality and potentially causing it to go offline. This type of attack is one of the most common cyber threats.

Threat actors often target websites and servers of e-commerce, gaming, and telecom companies to damage their business, sales, and reputation. Hackers may also launch DDoS attacks to infiltrate a company's database and access confidential information. While some DDoS attacks last only a few hours, others can continue for days.

For questions or comments write to writers@bostonbrandmedia.com

Source: Indianexpress‍