- Posts
- 10,813
- Posts Power
- 10,813.0%
- Liked
- 890
- Joined
- Jan 2, 1996
- Website
- inviteshop.us
In the first week of June, Microsoft suffered a major outage that impacted almost all its services including Azure, Outlook and Teams. The company has now revealed that a cyberattack was behind the global outage.
In a blog post, Microsoft has revealed details about the attack in the beginning of June that caused disruption to its services and took almost 15 hours for the company to mitigate. According to the Redmond giant, the company identified a surge in traffic against some of its services and opened an investigation into the DDoS (Distributed Denial-of-Service) attack.
Microsoft further noted that the threat actors used multiple Virtual Private Servers (VPS), proxies, rented cloud infrastructure as well as DDoS tools to execute the attack. While the attack was sophisticated, Microsoft confirmed that customer data was not accessed or compromised.
Microsoft also shared the technical details surrounding the attack. As per the company, the threat actor Storm-1359 used a collection of botnets and tools to launch the attack on the company's servers. These included HTTP(S) flood attack to overload the system and exhaust the resources through a high load of SSL/TLS handshakes and HTTP(S) requests. In Microsoft's case, the attacker had sent millions of HTTP(S) requests from IP addresses around the globe to overload the system.
Not only that, but the attacker also used Cache bypass to skip the CDN layer and overload the original system with a series of queries. Lastly, the attacker had used Slowloris wherein the client requests a resource from the server but fails to acknowledge the receipt of the resource, forcing the server to keep the connection open and the resource in its memory.
Microsoft ended the post with a series of tips and recommendations for Azure customers to protect them against Layer 7 DDoS attacks in the future. The company, however, did not disclose details related to the damage or any financial impact it had to incur due to the attack.
In a blog post, Microsoft has revealed details about the attack in the beginning of June that caused disruption to its services and took almost 15 hours for the company to mitigate. According to the Redmond giant, the company identified a surge in traffic against some of its services and opened an investigation into the DDoS (Distributed Denial-of-Service) attack.
Microsoft further noted that the threat actors used multiple Virtual Private Servers (VPS), proxies, rented cloud infrastructure as well as DDoS tools to execute the attack. While the attack was sophisticated, Microsoft confirmed that customer data was not accessed or compromised.
Microsoft also shared the technical details surrounding the attack. As per the company, the threat actor Storm-1359 used a collection of botnets and tools to launch the attack on the company's servers. These included HTTP(S) flood attack to overload the system and exhaust the resources through a high load of SSL/TLS handshakes and HTTP(S) requests. In Microsoft's case, the attacker had sent millions of HTTP(S) requests from IP addresses around the globe to overload the system.
Not only that, but the attacker also used Cache bypass to skip the CDN layer and overload the original system with a series of queries. Lastly, the attacker had used Slowloris wherein the client requests a resource from the server but fails to acknowledge the receipt of the resource, forcing the server to keep the connection open and the resource in its memory.
Microsoft ended the post with a series of tips and recommendations for Azure customers to protect them against Layer 7 DDoS attacks in the future. The company, however, did not disclose details related to the damage or any financial impact it had to incur due to the attack.