Windows Central
Microsoft: Yesterday's Azure and 365 server outage was caused by a DDoS attack ... at least at first
By Jez Corden,
2024-07-31
What you need to know
Microsoft's Azure data center infrastructure suffered an outage yesterday.
Services powered by Azure systems suffered downtime, including banks, and other major businesses. Microsoft's own services like Outlook were also disrupted.
Microsoft was quick to mitigate the outage, and today, issued an explanation for the downtime.
A distributed denial of service (DDoS) attack triggered the initial outage, but then Microsoft amplified the issues with a faulty mitigation measure.
Microsoft apologized for the downtime.
Cybersecurity is a hot topic right now, and Microsoft often finds itself in the crosshairs.
Last week, a massive and unprecedented flaw in CrowdStrike endpoint protection software crashed millions of computers and kiosks worldwide, leading to widespread disruption for critical infrastructure businesses. Airlines, banks, and more suffered downtime, causing chaos for customers and billions in losses globally. CrowdStrike has also lost billions in market capitalization since the event, and Microsoft is now leading calls to close off the regulator-mandated vendor access to the Windows kernel.
For IT departments impacted by the downtime, a new Azure outage was probably the last thing they wanted to see across their desk first thing in the morning. Alas, that's what happened.
"An unexpected usage spike resulted in Azure Front Door (AFD) and Azure Content Delivery Network (CDN) components performing below acceptable thresholds, leading to intermittent errors, timeout, and latency spikes," the status page reads. "While the initial trigger event was a Distributed Denial-of-Service (DDoS) attack, which activated our DDoS protection mechanisms, initial investigations suggest that an error in the implementation of our defences amplified the impact of the attack rather than mitigating it."
Put simply, a distributed denial-of-service (DDoS) attack is one in which an attacker sends millions, maybe billions, of bogus requests at server infrastructure, overloading the system. Typically these attacks are delivered by botnets: malware-infected computers that join in on the attack simultaneously in a co-ordinated manner. Microsoft states that its systems weathered the initial wave of the attack, but ironically it was its own preventative measures that exacerbated the attack rather than mitigating it.
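As an added illustration of the failure mode Microsoft describes (hypothetical code written for this article, not Azure's DDoS protection and not from the original post): a constructed request flood is run through two rate-limiting policies, one scoped per source and one mis-scoped to a single shared budget, and the share of legitimate traffic each still serves is measured.

```python
"""Constructed traffic window: a few legitimate users plus a botnet flood,
filtered by a correctly scoped limiter and by a mis-scoped one. The limits
and traffic shape are assumptions chosen for the demonstration."""
from collections import Counter


def make_traffic(ticks=20, n_legit=5, n_bots=200):
    """Build one window of requests, oldest first. Every tick each bot
    sends one request; each legitimate user sends one every fifth tick."""
    reqs = []
    for t in range(ticks):
        if t % 5 == 0:
            reqs += [f"user{i}" for i in range(n_legit)]
        reqs += [f"bot{i}" for i in range(n_bots)]
    return reqs


def per_source_limit(requests, max_per_source=10):
    """Correct scoping: each source gets its own budget for the window, so
    chatty bots are cut off while low-rate legitimate users are untouched.
    Note the attack is only reduced, not eliminated: every bot still gets
    its first max_per_source requests through."""
    seen = Counter()
    served = []
    for src in requests:
        seen[src] += 1
        if seen[src] <= max_per_source:
            served.append(src)
    return served


def global_limit(requests, max_total=1000):
    """Mis-scoped defence: one shared budget for the whole window. Under a
    flood the attackers consume the budget first, so legitimate clients are
    denied as well; the mitigation itself produces the outage."""
    return requests[:max_total]


def legit_service_rate(served, requests):
    """Fraction of legitimate (user*) requests that were actually served."""
    legit_total = sum(1 for r in requests if r.startswith("user"))
    legit_served = sum(1 for r in served if r.startswith("user"))
    return legit_served / legit_total


if __name__ == "__main__":
    traffic = make_traffic()
    for name, policy in (("per-source", per_source_limit), ("global", global_limit)):
        served = policy(traffic)
        print(f"{name}: served {len(served)}/{len(traffic)}, "
              f"legit service rate {legit_service_rate(served, traffic):.2f}")
```

The per-source policy keeps every legitimate request flowing while the shared-budget policy serves only a quarter of them, which is the "amplified the impact rather than mitigating it" outcome in miniature.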
Microsoft's Azure infrastructure is incredibly robust against these types of attacks, which have increasingly been used by hostile state-backed hacking groups against domestic infrastructure in recent years. Groups associated with Russia, North Korea, and China are often held responsible, although Microsoft has yet to assign any blame for this particular effort.
Diversifying global IT infrastructure
Cyber attacks of all shapes and sizes are evolving all the time, and so too must the tools used to defend against them. Microsoft is naturally at the forefront of this battle, owing to its global server apparatus and its status as a service provider to nation states and defence departments. Microsoft has been contributing to Ukraine's cyber defence effort, for example, and provides infrastructure to the U.S. defence department. It has also been the victim of Russia-backed cyber attacks, including the theft of communications, which has resulted in embarrassing hits to its cybersecurity credibility.
We don't know a lot of details about yesterday's particular outage in terms of blame, but the fact that Microsoft admitted its own preventative measures amplified the issues is likely to lead to more questions about priorities. With the age of AI platforms helping hostile actors automate some of their processes, I suspect cybersecurity is going to be an ever-increasingly hot topic in the coming years.