Microsoft Azure confirms outage due to DDoS cyberattack

Welcome to the latest issue of The Breach Report, a cybersecurity newsletter from the creators of the Cybersecurity Careers Blog. Be sure to subscribe via email or RSS.

Microsoft Azure, 365 and Purview service outage caused by DDoS cyberattack

If you tried to access Microsoft Azure, 365, or Purview services on Tuesday, you may have experienced the latest outage to hit these platforms. Microsoft confirmed that a distributed denial of service (DDoS) cyberattack led to an eight-hour outage on Tuesday, July 30, 2024. Abnormal traffic spikes and timeouts affected Azure global services such as Azure Front Door and Azure Content Delivery Network.

Microsoft is investigating the outage. It will conduct a preliminary review of the incident within 72 hours and a detailed review within two weeks to understand what went wrong and how to better mitigate future attacks.

The outage comes only days after a global IT outage affected Microsoft Windows endpoints with Crowdstrike Falcon, an endpoint detection and response (EDR) tool. The defective Falcon update caused a “blue screen of death” (BSOD) on all affected systems, rendering the devices useless until remediation could be applied.

Microsoft’s response to DDoS may have made outage worse

Microsoft said once the Azure DDoS protection mechanisms were triggered, “initial investigations suggest that an error in the implementation of our defenses amplified the impact of the attack rather than mitigating it.”

Customer impact was first recorded at 11:45 UTC on July 30, and by 19:43 UTC, failure rates returned to pre-incident levels. Additional escalated incident response monitoring continued, and Microsoft declared the incident mitigated at 20:48 UTC.

Microsoft offers Azure Service Health alerts that trigger emails, SMS, push notifications, and webhooks.

Microsoft has not confirmed the origin of the attack or who is responsible at this time.

On the same day of the incident, Microsoft CEO Satya Nadella stated in an earnings call that “cybersecurity is a top priority for the company.”

Latest Cybersecurity News

What we’re reading across the wire about the latest cybersecurity hacks, breaches, industry news, and more.

New from our blog:

• Wiz Turns Down $23 Billion Acquisition Offer from Google: Pursuing IPO Instead

New from our favorite blogs and journalists:

• CrowdStrike CEO says 97% of Windows sensors restored in IT outage recovery effort (Cybersecurity Dive)

• Some companies pay ransomware attackers multiple times, survey finds (Cybersecurity Dive)

• Business interruption claims will drive insurance losses linked to CrowdStrike IT disruption (Cybersecurity Dive)

• CrowdStrike Explains What Went Wrong Days After Global Tech Outage (The Wall Street Journal)

• CrowdStrike Outage Puts Its Financial Reporting Under Scrutiny, Too (The Wall Street Journal)

• Google Chrome Adds App-Bound Encryption to Protect Cookies from Malware (The Hacker News)

• City of Columbus Says Data Compromised in Ransomware Attack (Security Week)

• Exploited Vulnerability Could Impact 20k Internet-Exposed VMware ESXi Instances (Security Week)

• Ransomware attack forces hundreds of small Indian banks offline, sources say (Reuters)

Today’s Cyber Wall of Shame

Until next time…

Rob Waters
Founder
The Breach Report + Cybersecurity Careers Blog

P.S. - Do you want to start a newsletter yourself?
You can with beehiiv. Create one today with a free trial.
Disclaimer: The Breach Report may contain affiliate links. Read our Advertising policy page.