Microsoft has confirmed that a distributed denial of service (DDoS) cyberattack was the cause of its second IT outage in as many weeks.

This incident came just days after a global IT meltdown left Windows users worldwide locked out of multiple services.

The disruption began around 11:45 UTC on Tuesday and lasted nearly 10 hours. During this time, users reported being unable to access several Microsoft services, including Microsoft 365 products — such as Office and Outlook — as well as Azure and Minecraft.

Microsoft has now confirmed that the massive outage affecting its services was triggered by a DDoS attack.

Although Microsoft had DDoS protection mechanisms in place, an error in their implementation amplified the impact of the attack rather than mitigating it, according to Microsoft.

What is a DDoS attack?

A Distributed Denial-of-Service (DDoS) attack is an attempt to disrupt a targeted server, service, or network’s normal traffic by overwhelming the target with a flood of Internet traffic.

According to cloud-based security vendor CloudFlare, a DDoS attack is, in essence, like an unexpected traffic jam clogging up the highway, preventing regular traffic from arriving at its destination.

DDoS attacks maximise effectiveness by utilising multiple compromised computer systems and other networked resources, such as IoT devices, as sources of attack traffic.

According to Adam Pilton, senior cybersecurity consultant at cybersecurity monitoring and insurance platform Cybersmart, DDoS attacks are probably quite frequent for Microsoft, but they usually fail to break through security.

“What is surprising is that this one was successful. Microsoft has confirmed that it does have DDoS protection in place, which is what we would expect. However, the protection they did have was misconfigured, which, in fact, ended up amplifying the attack,” he said.

He added that understanding how Microsoft allowed the attack to happen will be an important part of determining whether businesses can maintain confidence in them.
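The two points above, the distributed flood described in the definition and a protective control that makes things worse when misconfigured, can be seen in a small simulation. The following is an added example, not Microsoft's code and not a description of the actual defence error Microsoft reported: the log lines, the 10.0.0.1 and 203.0.113.x addresses, the thresholds and the "shared counter" misconfiguration are all constructed here for illustration. It runs a detector over constructed access-log lines and then compares a per-source rate limiter with a hypothetical limiter keyed on the whole service.

```python
"""Toy DDoS detection and mitigation over constructed access-log lines.

Added example: not Microsoft's code and not the defence error Microsoft
described. Every log line, address, threshold and the "shared counter"
misconfiguration below is constructed for illustration.
"""
from collections import Counter, defaultdict

WINDOW_SECONDS = 10      # fixed window used for counting requests
PER_SOURCE_LIMIT = 30    # requests one client may make per window
SERVICE_CAPACITY = 400   # requests the service can actually serve per window

# Constructed log: "<unix_seconds> <client_ip> <path>".
# 10.0.0.1 is a legitimate user polling every 2 s; 203.0.113.1-50 (TEST-NET-3)
# are fifty compromised hosts each sending one request per second for 20 s.
LEGIT = [f"{100 + t} 10.0.0.1 /inbox" for t in range(0, 20, 2)]
ATTACK = [f"{100 + t} 203.0.113.{src} /login" for t in range(20) for src in range(1, 51)]
SAMPLE_LOG = "\n".join(LEGIT + ATTACK + ["garbage line that should be skipped"])


def parse_log(text):
    """Parse lines into (timestamp, ip, path) tuples, skipping malformed ones."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue
        events.append((int(parts[0]), parts[1], parts[2]))
    return events


def detect(events, window=WINDOW_SECONDS):
    """Return (noisy_sources, distributed_windows).

    noisy_sources: IPs that exceed PER_SOURCE_LIMIT within a window (one loud
    client). distributed_windows: window starts where total load exceeds
    SERVICE_CAPACITY although no single source is over its limit, i.e. many
    low-volume sources adding up to a flood, the signature of a DDoS.
    """
    per_window = defaultdict(Counter)
    for ts, ip, _ in events:
        per_window[(ts // window) * window][ip] += 1
    noisy, distributed = set(), []
    for start, counts in sorted(per_window.items()):
        over = {ip for ip, n in counts.items() if n > PER_SOURCE_LIMIT}
        noisy |= over
        if sum(counts.values()) > SERVICE_CAPACITY and not over:
            distributed.append(start)
    return noisy, distributed


def serve(events, per_source=True, window=WINDOW_SECONDS):
    """Simulate a fixed-window rate limiter placed in front of the service.

    per_source=True  : one counter per client IP, limit PER_SOURCE_LIMIT.
    per_source=False : a constructed misconfiguration: one counter shared by
                       every client, limit SERVICE_CAPACITY. The flood drains
                       the shared budget first, so legitimate clients are
                       denied too: the control turns an attack into an outage.

    Returns (denied_ips, peak_admitted); peak_admitted is the largest number
    of requests let through in any window. If it exceeds SERVICE_CAPACITY the
    limiter did not protect the service at all.
    """
    counters = Counter()
    denied = set()
    for ts, ip, _ in sorted(events):
        key = (ts // window, ip if per_source else "*")
        limit = PER_SOURCE_LIMIT if per_source else SERVICE_CAPACITY
        if counters[key] >= limit:
            denied.add(ip)
        else:
            counters[key] += 1
    admitted = Counter()
    for (w, _), n in counters.items():
        admitted[w] += n
    return denied, max(admitted.values(), default=0)


if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    noisy, distributed = detect(ev)
    print("noisy sources:", noisy, "distributed-flood windows:", distributed)
    print("per-source limiter (denied, peak admitted):", serve(ev, per_source=True))
    print("shared-counter limiter (denied, peak admitted):", serve(ev, per_source=False))
```

With these inputs the detector flags no single noisy source but two overloaded windows, which is exactly why per-source limits alone are not a DDoS defence: the per-source limiter denies nobody and lets 505 requests per window through to a service rated for 400. The shared-counter variant caps admitted traffic at 400 but denies the legitimate 10.0.0.1 along with the attackers, because a control keyed on something the attacker can saturate amplifies the denial rather than absorbing it. Real mitigation has to distinguish sources (per-source limits, upstream scrubbing, absorption capacity) and must be tested under a simulated flood, not just configured.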

What can businesses do to mitigate outages?

“DDoS attacks are not uncommon”, says Brian Higgins, security specialist at Comparitech, “If a threat actor has the resources to overwhelm your network, the best response is to be prepared and have a comprehensive recovery plan to minimise downtime,” he adds.

Whilst this attack isn’t related to the previous CrowdStrike outage — which was caused by a faulty update to the vendor’s detection tool, Falcon — both incidents highlight a concerning reliance on single-platform digital provision, according to Higgins.

“Continuity and resilience rely upon the ability to react and adapt at pace. If all of your eggs are in one basket, you will never be able to do either,” he added.

According to Erfan Shadabi, a cybersecurity expert at Comforte AG, businesses should have robust incident response and continuity plans, conduct regular security assessments, and ensure proper implementation of security measures.

“It is also important to commend Microsoft for its prompt and transparent response to the incident. Their quick action in identifying and addressing the error, as well as their openness about the nature of the problem, demonstrates a commitment to security and a proactive approach to handling cybersecurity incidents.”

Read TechInformed’s top five lessons from the major Microsoft outage due to a faulty CrowdStrike update here.
