Microsoft confirms it suffered a DDoS attack that reportedly affected millions of users

Microsoft has confirmed that the Azure and Outlook outages in June were caused by a DDoS attack. The incident was triggered by a surge in traffic from Anonymous Sudan, a group of hackers.

The company stated that despite the significant impact on servers, no customer data was compromised during the attack. Microsoft has indicated that the DDoS attack targeted layer 7 instead of layers 3 or 4. The primary goal was to cause disruption and chaos, not information theft.

Microsoft has revealed that the attackers used various techniques in the DDoS attack, including the HTTP(S) flood attack. This method seeks to exhaust system resources by overloading the target with SSL/TLS and HTTP(S) requests.

Two other strategies used in the attack were also identified. One of them is cache bypass, which seeks to evade the CDN layer and can overload the origin servers. The other is the Slowloris attack, which keeps connections open and exhausts resources, such as memory, on the web server.

In response to the attack, Microsoft has implemented tweaks to strengthen the security of its customers against future attacks. This involves using Layer 7 protection services such as Azure WAF, enabling bot protection, blocking malicious IP addresses and geographic regions, and creating custom WAF rules.
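As an added example (not from Microsoft or the original article), this Python sketch shows how cache bypass traffic can be spotted in origin logs so the offending clients become candidates for IP blocking or a custom WAF rule. It flags a client that requests one path many times with a different query string each time, every request a cache miss. The record format, thresholds and sample log entries are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample records: (client_ip, request_target, cdn_cache_status).
# Addresses come from the documentation ranges reserved for examples.
SAMPLE_LOG = (
    # One client, one page, a fresh random query string on every request.
    [("203.0.113.7", f"/index.html?r={i * 7919}", "MISS") for i in range(1, 9)]
    # Normal visitor served from cache.
    + [("198.51.100.20", "/index.html", "HIT")] * 6
    # Legitimate search and pagination: unique queries, but low volume.
    + [("198.51.100.21", "/search?q=azure", "MISS"),
       ("198.51.100.21", "/search?q=outlook", "MISS")]
    + [("198.51.100.22", f"/api/items?page={p}", "MISS") for p in range(1, 4)]
)


def find_cache_bypass_clients(records, min_requests=5, min_unique_ratio=0.9):
    """Return sorted (ip, path, request_count) tuples for suspected cache bypass.

    A (client, path) pair is flagged when it has at least `min_requests`
    requests, every one of them missed the cache, and the share of distinct
    non-empty query strings is at least `min_unique_ratio`.
    Both thresholds are assumed values and need tuning per site.
    """
    hits = defaultdict(list)
    for ip, target, cache_status in records:
        parts = urlsplit(target)
        hits[(ip, parts.path)].append((parts.query, cache_status))

    flagged = []
    for (ip, path), entries in hits.items():
        total = len(entries)
        if total < min_requests:
            continue  # too little traffic to judge
        unique_queries = {query for query, _ in entries if query}
        all_missed = all(status == "MISS" for _, status in entries)
        if all_missed and len(unique_queries) / total >= min_unique_ratio:
            flagged.append((ip, path, total))
    return sorted(flagged)


if __name__ == "__main__":
    for ip, path, count in find_cache_bypass_clients(SAMPLE_LOG):
        print(f"possible cache bypass: {ip} -> {path} ({count} unique-query misses)")
```

High-volume legitimate pagination or search can match the same pattern, so the output is best treated as input to rate limiting or review rather than an automatic block list.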

After analyzing the activities of Anonymous Sudan, the cybersecurity company CyberCX suggested that the group may have ties to Russian government operations. According to CyberCX, the investment in expensive equipment to carry out the attack indicates possible government funding.

Source: Microsoft
