Monday, December 23, 2024

Microsoft says massive Azure outage was caused by DDoS attack

Must read

Microsoft confirmed today that a nine-hour outage on Tuesday, which took down and disrupted multiple Microsoft 365 and Azure services worldwide, was triggered by a distributed denial-of-service (DDoS) attack.

Redmond says the outage impacted Microsoft Entra, some Microsoft 365 and Microsoft Purview services (including Intune, Power BI, and Power Platform), as well as Azure App Services, Application Insights, Azure IoT Central, Azure Log Search Alerts, Azure Policy, and the Azure portal.

The company confirmed in a mitigation statement published today that the root cause behind yesterday’s outage was a DDoS attack, although it has yet to link it to a specific threat actor.

“While the initial trigger event was a Distributed Denial-of-Service (DDoS) attack, which activated our DDoS protection mechanisms, initial investigations suggest that an error in the implementation of our defenses amplified the impact of the attack rather than mitigating it,” Microsoft said.

“Once the nature of the usage spike was understood, we implemented networking configuration changes to support our DDoS protection efforts, and performed failovers to alternate networking paths to provide relief.”

BleepingComputer also contacted Microsoft on Tuesday regarding rumors that a DDoS attack was behind the outage, but we have yet to receive a reply.

Azure Microsoft 365 outage (July 2024)

The confirmation comes after the company said while mitigating the outage incident that it was caused by an “unexpected usage spike” that “resulted in Azure Front Door (AFD) and Azure Content Delivery Network (CDN) components performing below acceptable thresholds, leading to intermittent errors, timeout, and latency spikes.”

Redmond says it plans to release a Preliminary Post-Incident Review (PIR) within 72 hours and a Final Post-Incident Review within the next two weeks with additional details and lessons learned from this week’s outage.

In June 2023, Microsoft also confirmed that a threat actor known as Anonymous Sudan (aka Storm-1359), believed to have Russian links, took down its Azure, Outlook, and OneDrive web portals in Layer 7 DDoS attacks.

Earlier this month, tens of thousands of Microsoft 365 customers were impacted by another widespread outage caused by what Microsoft described as an Azure configuration change.

Other massive outages also affected Microsoft 365 services in July 2022 after a faulty Enterprise Configuration Service (ECS) deployment and in January 2023 following a Wide Area Network IP change.

Latest article