Thomas Trutschel | photography | beautiful pictures
In early June, sporadic but severe service disruptions occurred by Microsoft leading office suite — including Outlook email and OneDrive file sharing apps — and a cloud platform. A shady hacktivist group has claimed responsibility, saying they flood websites with junk traffic in distributed denial-of-service attacks.
Initially not disclosing the cause, Microsoft has now revealed that DDoS attacks by a shady upstart are indeed the cause.
But the software giant has provided some details — and won’t comment on the extent of the attacks. It did not say how many customers were affected or describe the attackers, which it named Storm-1359. A group calling itself Anonymous Sudan claimed responsibility on the Telegram social media channel at the time. Some security researchers believe the group is Russian.
Microsoft explained in a blog post Friday night at the request of the Associated Press two days earlier. Without disclosing details, the post said the attacks “temporarily affected the availability” of some services. It said attackers focused on “disruption and publicity” and were likely using rented cloud infrastructure and virtual private networks to bombard Microsoft’s servers from so-called botnets. zombie computers around the globe.
Microsoft says there is no evidence of customer data being accessed or compromised.
While DDoS attacks are mostly annoying — rendering websites inaccessible without hacking into them — security experts say they could disrupt the work of millions if they successfully disrupted the services of software-as-a-service giants like Microsoft, which depended heavily on global commerce.
It’s unclear if that’s what happened here.
“We really don’t have a way to measure the impact if Microsoft doesn’t provide that information,” said Jake Williams, a prominent cybersecurity researcher and former National Security Agency hacker. know. Williams said he was not aware Outlook had previously been attacked at this scale.
“We know some resources are inaccessible to some, but not others. This often happens with DDoS of globally distributed systems,” Williams added. Microsoft’s apparent unwillingness to provide an objective measure of customer impact, he said, “probably speaks volumes.”
As for Storm-1359’s identity, Williams said he doesn’t think Microsoft knows. That wouldn’t be unusual. Cybersecurity investigations tend to take time — and even then can be challenging if the adversary is skilled.
Pro-Russian hacker groups including Killnet – which cybersecurity firm Mandiant says has links to the Kremlin – have attacked the government and other websites of Ukrainian allies with DDoS attacks. In October, several US airport locations were attacked.
Edward Amoroso, NYU professor and CEO of TAG Cyber, said the Microsoft incident highlights how DDoS attacks remain “a significant risk we all agree to avoid talking about. calling this an unresolved issue is undisputed.”
He said Microsoft’s difficulties in fending off this particular attack represent “a single point of failure.” The best way to defend against these attacks is to distribute services massively, such as on a content delivery network.
Kevin Beaumont, a British security researcher, said that the techniques used by attackers are not old. “One day back in 2009,” he said.
Severe impacts due to disruptions to the Microsoft 365 office suite were reported on Monday, June 5, peaking at 18,000 outages and crash reports on the Downdetector tracker as soon as 11 a.m. Eastern time.
On Twitter that day, Microsoft said Outlook, Microsoft Teams, SharePoint Online, and OneDrive for Business were affected.
Attacks continued into the week, with Microsoft confirming on June 9 that its Azure cloud computing platform was affected.
On June 8, computer security news site BleepingComputer.com reported that the cloud-based OneDrive file storage feature has been discontinued globally for a while.
At the time, Microsoft said OneDrive desktop clients were not affected, BleepingComputer reported.
