Microsoft Confirms Global Azure Outage Caused by DDoS Attack


Microsoft has confirmed that the global outage on July 30 was caused by a distributed denial-of-service attack. However, its notice pointed out that the situation was made worse by a “flaw in the execution of their defenses” during mitigation.

Between around 11:45 UTC and 19:43 UTC, Azure’s cloud services were affected by a flood of internet traffic. Microsoft’s security staff said that both the Azure Front Door and Azure Content Delivery Network components were “not meeting acceptable standards, leading to periodic errors, timeouts, and spikes in latency.”

Microsoft has DDoS protection mechanisms that activate automatically. Yet an oversight in their implementation “magnified the impact of the assault instead of lessening it.” The security team changed network configurations and rerouted traffic through alternate paths to reduce the load on the main systems.

Most of the impact was mitigated within two and a half hours, though additional efforts were required by 18:00 UTC to restore full access for all users. The incident concluded at 20:48 UTC.

The perpetrators responsible for the DDoS event have yet to be identified. Nevertheless, the activist collective known as “SN_blackmeta” has acknowledged their involvement. Microsoft has pledged to release an initial post-incident evaluation before the week’s end, followed by a comprehensive analysis within 14 days.

In an email to TechRepublic, a Microsoft representative stated, “We have completely resolved the service disruption encountered by a subset of users on July 30. For more information, please consult the Azure status page.”


The incident with Azure had a worldwide impact, affecting certain customers trying to connect with Azure App Services, Application Insights, Azure IoT Central, Azure Log Search Alerts, Azure Policy, the Azure portal, and select Microsoft 365 and Microsoft Purview services.

Various organizations issued statements on Tuesday, informing users of service disruptions due to the Azure DDoS attack. These included Minecraft creator Mojang, GitHub’s CodeSpaces, DocuSign, water suppliers, legal courts, and soccer teams. Microsoft later expressed regret for the inconvenience.

Stephen Robinson, senior intelligence analyst at the cybersecurity firm WithSecure, explained in a message to TechRepublic, “Today’s online platforms rely on multiple interconnected layers, with Microsoft services comprising a significant portion. One of these affected services, Entra, enables users to log in to various services and websites. Without it, users face log-in difficulties.

“Consequently, even though this disruption was brief and only impacted some services, it was still noticeable to numerous individuals.”

What defines a denial of service attack?

A denial of service (DoS) attack is a tactic where a malicious entity tries to block access to a web server, web application, or cloud service by overwhelming it with service requests.

While a DoS attack typically originates from a single source, a distributed denial of service (DDoS) attack employs numerous machines across various networks to disrupt a specific service provider. This makes it harder to mitigate, because the attack traffic originates from multiple locations.

The increase in DDoS attacks

DDoS assaults are on the rise. Cloudflare recorded a 20% surge year-on-year in Q2 of 2024, following a 50% rise in Q1. Indications suggest a connection to geopolitical events, with the anti-DDoS service Stormwall observing a correlation with election cycles and a surge in attacks on Israel following the escalation of tensions in Gaza.


While significant DDoS attacks affecting Microsoft services are infrequent, they are not unheard of. In June 2023, a series of assaults directed at Azure and other online platforms was attributed to the activist group known as Anonymous Sudan, resulting in disruptions to services like Outlook and OneDrive.

During the holiday season that year, Microsoft also reported a rise in DDoS attacks, as attackers exploited reduced staff availability.

However, Microsoft faced non-DDoS-related outages this summer as well. On July 19, a considerable number of users in the U.S. were unable to access Microsoft 365 services after an Azure configuration adjustment. This incident occurred shortly after a malfunction in a CrowdStrike Falcon Sensor update impacted 8.5 million Windows devices worldwide.
