Microsoft has confirmed that the Azure and Outlook failure in June was caused by a DDoS attack. The incident was triggered by a surge in traffic from Anonymous Sudan, a hacker group.
The company stated that despite the significant impact on servers, no customer data was compromised during the attack. Microsoft has indicated that the DDoS attack focused on the application layer (Layer 7) rather than the network or transport layers (Layer 3 or 4). The primary objective was to cause disruption and generate chaos, not to steal information.
Microsoft has revealed that the attackers employed a variety of techniques in the DDoS attack, including the HTTP(S) flood attack. This method seeks to exhaust system resources by overwhelming the target with SSL/TLS handshakes and HTTP(S) requests.
Microsoft disclosed that no customer data was compromised during the attack.
In addition, two other strategies used in the attack were identified. One of them is the cache bypass, which seeks to evade the CDN layer so that requests reach, and can overload, the origin servers. The other is the slowloris attack, which keeps connections open and ties up the web server's memory and the requested resources.
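As an added example (not from Microsoft's report), the script below triages one window of web-server access logs for the three techniques named above: a per-IP request rate suggesting an HTTP flood, a unique query string on nearly every request (a cache-bypass pattern that defeats CDN caching), and a high share of 408 Request Timeout responses (what a server commonly logs when a client never finishes sending headers, as in slowloris). The thresholds and the log lines are constructed assumptions of this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined log format: ip ident user [time] "METHOD target HTTP/x" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def parse_line(line):
    """Return (ip, path, query, status) or None for an unparseable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, _method, target, status = m.groups()
    u = urlsplit(target)
    return ip, u.path, u.query, int(status)

def triage(lines, window_s=60, rps_threshold=10.0, bust_ratio=0.8, timeout_ratio=0.5):
    """Classify each client IP seen in one window of log lines.

    Heuristics (thresholds are assumptions of this example, not from the report):
      http_flood   - requests per second from one IP above rps_threshold
      cache_bypass - nearly every request from the IP is a previously unseen
                     (path, query) pair, so a CDN cannot serve it from cache
      slowloris    - most requests from the IP end in 408 Request Timeout
    """
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            per_ip[rec[0]].append(rec)
    verdicts = {}
    for ip, recs in per_ip.items():
        n, tags = len(recs), set()
        if n / window_s > rps_threshold:
            tags.add("http_flood")
        variants = len({(p, q) for _, p, q, _ in recs})
        if n >= 20 and variants / n >= bust_ratio and all(q for _, _, q, _ in recs):
            tags.add("cache_bypass")
        if sum(1 for *_, s in recs if s == 408) / n >= timeout_ratio:
            tags.add("slowloris")
        verdicts[ip] = sorted(tags)
    return verdicts

def sample_log():
    """Constructed log lines (documentation-range IPs), not real traffic."""
    ts = "[01/Jun/2023:10:00:00 +0000]"
    lines = [f'198.51.100.7 - - {ts} "GET /index.html?cb={i} HTTP/1.1" 200 512' for i in range(900)]
    lines += [f'203.0.113.5 - - {ts} "GET / HTTP/1.1" 408 0' for _ in range(40)]
    lines += [f'192.0.2.10 - - {ts} "GET /index.html HTTP/1.1" 200 512' for _ in range(5)]
    return lines

if __name__ == "__main__":
    for ip, tags in triage(sample_log()).items():
        print(ip, tags or ["normal"])
```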
In response to the attack, Microsoft has implemented adjustments to strengthen the security of its customers in the face of future attacks. This involves using Layer 7 protection services such as Azure WAF, enabling bot protection, blocking malicious IP addresses and geographic regions, and creating custom rules for WAFs.
After analyzing Anonymous Sudan’s activities, cybersecurity firm CyberCX suggested that the group may have links to Russian government operations. According to CyberCX, the investment in expensive equipment to carry out the attack indicates possible government funding.
Source: Microsoft