Microsoft: Azure DDoS attack amplified by cyber-defense error

Jai Vijayan, Dark Reading

August 1, 2024


Microsoft blamed an implementation error for amplifying the impact of a distributed denial-of-service (DDoS) attack yesterday, which ended up disrupting the company’s Azure cloud services for nearly eight hours.

The attack affected several Azure offerings, including Azure App Services, Azure IoT Central, Application Insights, Log Search Alerts, and Azure Policy. The disruption, which began at around 7:45 a.m. ET and lasted until 3:43 p.m. ET, also impacted the main Azure portal and a subset of Microsoft 365 and Microsoft Purview data-protection services.

DDoS Cyber-Defense Error Under Investigation

In an event summary yesterday, Microsoft described the DDoS attack as causing an “unexpected usage spike [that] resulted in Azure Front Door (AFD) and Azure Content Delivery Network (CDN) components performing below acceptable thresholds.” The spike caused intermittent service errors, timeouts, and sudden latency increases.

More concerning in some ways, the company added that “while the initial trigger event was a DDoS attack, which activated our DDoS protection mechanisms, initial investigations suggest that an error in the implementation of our defenses amplified the impact of the attack rather than mitigating it.”

Microsoft has not specifically identified the mistake that exacerbated the DDoS attack. But according to its description of the events of July 30, the initial network configuration changes the company made to support DDoS mitigation efforts may have led to some unexpected “side effects.” The company implemented an updated approach that it first rolled out in the Asia-Pacific region and Europe, and then deployed in the Americas after validating that the approach worked.

“Our team will be completing an internal retrospective to understand the incident in more detail,” Microsoft said. “We will publish a Preliminary Post Incident Review (PIR) within approximately 72 hours, to share more details on what happened and how we responded.”

To read the complete article, visit Dark Reading.
