A DDoS attack involves overwhelming a website or server with excessive traffic, impairing its functionality or causing it to go offline. This type of cyber threat is common and often targets e-commerce, gaming, and telecom companies to disrupt their operations, damage their reputation, or infiltrate databases for confidential information. While some DDoS attacks are short-lived, others can persist for extended periods, causing significant disruption.
Nine-Hour Service Disruption Affects Azure and Microsoft 365 Users
A distributed denial-of-service (DDoS) attack caused a significant disruption to several Azure and Microsoft 365 services on Tuesday, July 30, affecting users globally for over nine hours. From 11:45 UTC to 19:43 UTC, Microsoft customers experienced connectivity issues with various services including Azure App Services, Application Insights, Azure IoT Central, Azure Log Search Alerts, Azure Policy, the Azure portal, and parts of Microsoft 365 and Microsoft Purview.
In a statement, Microsoft confirmed the DDoS attack but did not identify any specific threat actors behind it. “While the initial trigger event was a Distributed Denial-of-Service (DDoS) attack, which activated our DDoS protection mechanisms, initial investigations suggest that an error in the implementation of our defenses amplified the impact of the attack rather than mitigating it,” Microsoft explained.
Response and Mitigation Efforts
During the outage, Microsoft initially reported an “unexpected usage spike,” which caused Azure Front Door (AFD) and Azure Content Delivery Network (CDN) components to underperform, resulting in intermittent errors, timeouts, and latency spikes. Once the nature of the spike was understood, Microsoft implemented networking configuration changes to bolster its DDoS protection efforts and performed failovers to alternative networking paths to alleviate the issue.
The incident marks the second major outage for Microsoft within a month. On July 19, a configuration change on the backend of its cloud computing services led to connectivity loss for customers, primarily in the central US region. On the same day, a faulty update from cybersecurity firm CrowdStrike caused Windows PC systems to display the ‘blue screen of death,’ temporarily impacting various industries worldwide.
Microsoft’s recent experience underscores the growing threat of cyberattacks and the importance of robust defense mechanisms to protect critical infrastructure and services.