Microsoft confirms DDoS attack caused Azure, Outlook outages
In the first week of June, Microsoft Azure and Outlook services were down around the world affecting several users. The company has now confirmed via a blog that the service suffered a distributed denial of service (DDoS) attack.
Microsoft’s confirmation blog comes two days after The Associated Press’ request for details on the outage. The post said that ‘Storm-1359 appears to be focused on disruption and publicity’. The group has likely to have accessed a collection of botnets that could enable them to launch attacks from multiple cloud and open proxy infrastructures.
DDoS is a type of cyber attack where the attacker floods the server with traffic, cutting users’ access to connected online sites and services. In the blog, Microsoft offered more technical details on the attack. The attacker has been identified as Storm-1359 or more commonly known as Anonymous Sudan. The company, however, has denied any compromise to customer data.
The attack targeted layer 7 instead of layer 3 or 4. Layer 7 is the top layer in the OSI model of the internet, also called the application layer where activities like HTTP requests and responses happen. “Microsoft hardened layer 7 protections including tuning Azure Web Application Firewall (WAF) to better protect customers from the impact of similar DDoS attacks,” the company blog said.
Anonymous Sudan has reportedly carried out attacks in several countries including India and Israel. In April, the group DDoS attacked five Indian airports including the Cochin International Airport Limited. Other airports included the ones in Delhi, Mumbai, Hyderabad, and Goa.
Further, at the end of May, another outage struck Microsoft Azure. The suite of application lifecycle services under Azure DevOps stopped working for the South Brazil region for 10 hours. It was caused by a type that deleted seventeen production databases.