Microsoft Says Azure Outage Caused by DDoS Attack Response

Share This Post

Microsoft’s response to a distributed denial-of-service (DDoS) attack appears to have caused Azure service outages that impacted many customers.

Microsoft explained on its Azure status page that a “subset of customers” experienced issues connecting to services such as Azure App Services, Application Insights, Azure IoT Central, Azure Log Search Alerts, and Azure Policy, as well as the Azure portal and some Microsoft 365 and Purview services.

According to the BBC, the outage, which lasted roughly 10 hours, impacted water utilities, courts, banks, and other types of organizations. 

Microsoft said it initially saw an unexpected usage spike that resulted in Azure Front Door and Azure Content Delivery Network components “performing below acceptable thresholds”, which led to errors, timeouts and latency issues. 

An investigation showed that a DDoS attack launched against its systems triggered protection mechanisms, but an implementation bug in those defenses caused the attack’s impact to be amplified rather than mitigated. 

The tech giant has promised to publish a preliminary incident review within 72 hours and a more detailed review within two weeks. 

It’s unclear who is behind the DDoS attack on Microsoft services, but it would not be surprising if multiple hacktivist groups take credit for it in an effort to boost their reputation. 

The incident comes just days after millions of computers worldwide were disrupted by a bad update rolled out by cybersecurity firm CrowdStrike. 

Advertisement. Scroll to continue reading.

A vast majority of devices impacted by the CrowdStrike incident were restored within one week, but insurers predict billions in losses for the security firm’s major customers. CrowdStrike is also facing lawsuits over the incident.  

Related: Law Enforcement Disrupts DDoS-for-Hire Service DigitalStress

Related: OVHcloud Sees Record 840 Mpps DDoS Attack

Related: Inside AWS’s Crusade Against IP Spoofing and DDoS Attacks

This post was originally published on this site

More Articles

Article

Navigating SEC Regulations In Cybersecurity And Incident Response

Free video resource for cybersecurity professionals. As 2024 approaches, we all know how vital it is to keep up to date with regulatory changes that affect our work. We get it – it’s a lot to juggle, especially when you’re in the trenches working on an investigation, handling, and responding to incidents.