Monday, December 23, 2024

Microsoft confirms a CYBERATTACK was behind the latest outage that saw Outlook, Xbox, and Minecraft taken out for almost 10 hours

Must read

Microsoft has confirmed that its latest global outage was caused by a malicious cyberattack.

The outage saw Outlook email services, Xbox Live, and even Minecraft go down for almost 10 hours yesterday afternoon – just two weeks after millions were affected by global outages. 

Microsoft now admits that its services were taken out by a Distributed Denial of Service (DDOS) attack which was ‘amplified’ by an error in the company’s cyber defences.

Experts say the true culprits may never be identified but that they were likely encouraged to strike by Microsoft’s recent service troubles.

Sylvain Cortes, vice president of strategy at cybersecurity firm Hackuity, told MailOnline: ‘Rogue actors, cybergangs, and nation-states alike leverage these tactics, so further investigation is required to determine the origin of the threat.’

Microsoft says that its latest spate of outages was triggered by a cyberattack which the company’s defences failed to prevent 

This comes just two weeks after 8.5 million devices were affected by a faulty security update from cybersecurity firm CrowdStrike. Pictured: a screen at JFK Airport Terminal 1 displays a blue recovery mode message

This comes just two weeks after 8.5 million devices were affected by a faulty security update from cybersecurity firm CrowdStrike. Pictured: a screen at JFK Airport Terminal 1 displays a blue recovery mode message 

Yesterday, thousands of users reported issues accessing Microsoft services.

At the time, the tech giant’s service status website showed an alert for ‘network infrastructure,’ which is critical for connectivity and communication between users, apps, devices and the internet.

In a post on X (formerly Twitter) earlier that day, Microsoft had written: ‘We are investigating reports of issues connecting to Microsoft services globally. Customers may experience timeouts connecting to Azure services.’

Microsoft Azure is a cloud computing service which provides data access and management services for a wide number of different clients.

Azure also provides the centralised computer backbone for many of Microsoft’s own services such as Outlook and Xbox Live which were all affected by the disruption.

In a post on X, formerly Twitter, Microsoft said that it was experiencing widespread issues with Microsoft 365 services such as the email system Outlook

In a post on X, formerly Twitter, Microsoft said that it was experiencing widespread issues with Microsoft 365 services such as the email system Outlook 

Microsoft Azure showed that it was experiencing network infrastructure issues which were affecting a subset of services

Microsoft Azure showed that it was experiencing network infrastructure issues which were affecting a subset of services 

Today, in an update on the Microsoft Azure website, Microsoft now says these issues were caused by a cyberattack that the firm failed to properly defend.

Specifically, Microsoft says a preliminary investigation shows that their servers had been the target of a DDOS attack.

This is a very basic form of cyberattack in which the malicious party sends vast amounts of internet traffic to a website or server so that legitimate web traffic can’t get through.

While they have been used widely by hacktivist groups around the world, these attacks generally cause limited and temporary disruption.

However, Microsoft writes: ‘Initial investigations suggest that an error in the implementation of our defenses amplified the impact of the attack rather than mitigating it.’

Microsoft now says that Outlook, Xbox Live, and Minecraft were taken offline by a Distributed Denial of Service (DDOS) attack which was amplified by their own systems

Microsoft now says that Outlook, Xbox Live, and Minecraft were taken offline by a Distributed Denial of Service (DDOS) attack which was amplified by their own systems 

Pieter Arntz, senior threat researcher at cybersecurity firm Malwarebytes, explains that sometimes errors in the victim’s own systems will boost the power of a DDOS attack.

Mr Arntz told MailOnline: ‘Rather than fending off the attack, something in Microsoft’s cloud architecture overreacted and made things worse.

‘It’s very similar to how an ignorant person can ask more questions in an hour than a wise man can answer in a lifetime.’

It is also not clear whether the attackers intended their disruption to spread so widely or whether they had more specific goals in mind.

Unlike the previous outage which caused disruption at airports around the world (Pictured) this latest outage was triggered by a malicious attack from an unknown group

Unlike the previous outage which caused disruption at airports around the world (Pictured) this latest outage was triggered by a malicious attack from an unknown group

Mr Cortes says: ‘Attackers inflict as much pain as they need to achieve their ends. Sometimes the collateral damage extends further than even they expected.

‘At this time, we can only speculate on the intentions behind this specific attack.’

No known organisation or group is yet to claim responsibility for the attack, which makes it unlikely that the true identity of the attackers will ever be revealed.

DDOS attacks generally harness large networks of compromised computers which makes it difficult to trace the attack back to a single source.

Jake Moore, global cybersecurity advisor at ESET, told MailOnline: ‘Such attacks are rarely attributed to anyone as the perpetrators can easily hide and evade detection.’

However, Mr Moore points out that the cybercriminals behind the attack were likely emboldened by Microsoft’s recent troubles.

Microsoft Azure provides the cloud computing services for Microsoft products like Xbox Live and Minecraft. As its own defences overreacted to the DDOS attack many products using Azure were affected

Microsoft Azure provides the cloud computing services for Microsoft products like Xbox Live and Minecraft. As its own defences overreacted to the DDOS attack many products using Azure were affected 

Cybersecurity experts told MailOnline that the criminals or nation behind the attack were likely emboldened by seeing the massive problems Microsoft faced with service outages in previous weeks

Cybersecurity experts told MailOnline that the criminals or nation behind the attack were likely emboldened by seeing the massive problems Microsoft faced with service outages in previous weeks 

He says: ‘Since the large CrowdStrike outage, it can be assumed that cybercriminals around the globe will now attempt attacks considered unthinkable before.

‘From what we have seen over the last couple of weeks we have learnt to expect the unexpected more than ever. To witness two major outages in such a short space of time is unprecedented but maybe not entirely independent.’

Microsoft says that the service was back to normal by 21:48 BST but not before widespread disruption caused frustration for thousands of customers.

That included many using Microsoft’s Xbox Live gaming platform and those trying to log in to the popular video game Minecraft.

Big corporations were also affected by the attack including Cambridge Water which wrote in a post on X that ‘due to worldwide issues with Microsoft Azure, a problem with our website is affecting several services including MyAccount and PayNow.’

The attack came at an especially bad time for the company as it brought service to a standstill just hours before Microsoft was due to present its latest financial update.

Tens of thousands of flights were cancelled across the globe as CrowdStrikes ‘Falcon Sensor’ update caused Windows to crash

On X, many users vented their frustration with Microsoft's faulty servers which had once again gone down

On X, many users vented their frustration with Microsoft’s faulty servers which had once again gone down 

Others bemoaned Microsoft's centralised systems which allowed disruption to spread widely across different services

Others bemoaned Microsoft’s centralised systems which allowed disruption to spread widely across different services 

This comes just two weeks after a faulty software update from cybersecurity firm CrowdStrike knocked 8.5 million Microsoft devices offline.

The incident impacted Microsoft’s 365 apps and Azure service, which are used by more than 50 per cent of Fortune 500 companies and eight of the top financial institutions across 43 US states.

Major government offices were forced to close including the Social Security Administration which said the incident had shut down numerous services.

Most visibly, thousands faced delays while preparing to fly as the Microsoft-powered systems of airlines crashed.

Tens of thousands of flights were cancelled across the globe as CrowdStrikes ‘Falcon Sensor’ update caused Windows to crash – leaving many with the infamous ‘blue screen of death’.

MailOnline has contacted Microsoft for comment.

WHAT CAUSED FACEBOOK’S LARGEST EVER OUTAGE?

On March 14, 2019, Facebook experienced the largest outage in the social network’s history.

There are a number of explanations as to why problems with Facebook’s own hardware could have caused the outage.

The firm’s claims of a ‘database overload’ on its network of servers could be caused by a range of internal complications.

The 500 ‘internal server error’ messages detected by internet network analysts can be prompted to a variety of snags.

With a network of servers – the computers that relay traffic to and from the firm’s apps and their users – as large as Facebook, complications are bound to arise.

Planned maintenance of the software databases used to ferry this internet traffic, as well as the hardware they are stored on, can lead to scheduled downtime.

In this case, the outage clearly caught the company by surprise, which would explain why it took them so long to bring their apps back online. 

Facebook has so far remained tight-lipped over the exact cause of the ‘database overload’.

Potential explanations include updates to the network’s infrastructure that led to unintended consequences.

Another theory put forward suggests that an internet service provider (ISP) in Europe misdirected traffic from Facebook and this problem then spread across the internet.

A useful analogy to explain this explanation is a motorway’s worth of cars being sent down a cul-de-sac due to an incorrect road signal.

The mass failure of components, which includes hard drive storage or power supplies, could also explain the outage, but this would seem unlikely.

Latest article